A researcher says ChatGPT can be tricked into turning a malicious web page into a phishing message when a user asks it to summarize that page. Permiso's Andi Ahmeti reported that hidden Markdown instructions in attacker-controlled content can make ChatGPT include fake account alerts, attacker links, or QR codes in its response; OpenAI did not confirm a fix, and no CVE is cited in the report.
Why it matters: People using ChatGPT to summarize websites could be shown convincing phishing prompts in the assistant's own voice, including links or QR codes that bypass normal browser safety habits. Until OpenAI confirms a fix, users and defenders should treat AI-generated summaries of untrusted pages as potentially tainted and avoid clicking embedded links or scanning QR codes.
2026.05.29
100% relevant
This article appears to be the initial report of a distinct ChatGPT prompt-injection phishing technique affecting browser-rendered external content, and it does not match any existing tracked story.
← Back to all stories