Cybersecurity firms targeted by fraudulent OpenAI organization invites
Summary
Attackers are creating fake OpenAI organizations impersonating real companies and sending legitimate-looking invitations to employees to trick them into sharing sensitive information like source code and internal documents in chats. The fraudulent invitations come from OpenAI's real email servers and include payment methods attached, making them difficult to spot even though OpenAI includes a warning that the inviter's email domain doesn't match the recipient's company.
Solution / Mitigation
Push Security recommends training employees to verify unexpected organization invitations and monitoring SaaS (software-as-a-service, cloud-based applications) organization memberships to reduce the risk of these types of attacks.
Classification
Affected Vendors
Related Issues
Original source: https://www.bleepingcomputer.com/news/security/cybersecurity-firms-targeted-by-fraudulent-openai-organization-invites/
First tracked: June 26, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 92%