ChatGPT Markdown Flaw Enables Phishing

A new vulnerability in ChatGPT, called ChatGPhish, uses Markdown links to create sophisticated phishing attacks by exploiting the platform's implicit trust.

Security researchers have disclosed a vulnerability in OpenAI's ChatGPT, which they have named ChatGPhish. The flaw originates from the way ChatGPT's response renderer processes and trusts content formatted with Markdown, particularly for links and images. An attacker can craft a malicious prompt that, when processed by the AI, generates a response containing a deceptive link. This link may appear legitimate but directs the user to a phishing website, effectively turning the AI assistant into a tool for launching attacks.

The vulnerability represents a novel attack vector that combines prompt injection with social engineering, leveraging the inherent trust users place in the ChatGPT interface. For businesses, developers, and security teams, this highlights the risk of uncritically accepting AI-generated content, especially when it includes external links. Attackers can exploit the platform's authority to make phishing attempts far more convincing than traditional methods. This could lead to credential theft or malware distribution if an employee interacts with a malicious link embedded in what appears to be a helpful, AI-generated summary.