ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface
highnewsLLM-Specific
securitysafety
Source: The Hacker NewsMay 29, 2026
Summary
ChatGPhish is a vulnerability in ChatGPT that allows attackers to embed malicious instructions in web pages, which ChatGPT then processes and renders as clickable phishing links and images inside its trusted interface when users ask it to summarize the page. The vulnerability works because ChatGPT automatically trusts and fetches Markdown links and images from summarized web pages, potentially leaking user information like IP addresses or tricking users into scanning malicious QR codes that bypass desktop security filters.
Classification
Attack Type
Prompt InjectionRAG Poisoning
Attack SophisticationModerate
Impact (CIA+S)
confidentiality
Affected Vendors
OpenAI
Related Issues
Monthly digest — independent AI security research
Original source: https://thehackernews.com/2026/05/chatgphish-vulnerability-turns-chatgpt.html
First tracked: May 29, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 92%