ChatGPT Security Flaw Enables Phishing via Web Summaries

Bottom line: ChatGPT implicitly trusts Markdown links in web summaries, making it exploitable for phishing and prompt injection attacks.

Security researchers have disclosed a vulnerability in ChatGPT that exploits Markdown links in web summaries to perform prompt injections and enable phishing attacks. The security firm Permiso Security has named the technique “ChatGPhish”.

The Permiso researchers demonstrated that the rendering engine at chatgpt.com interprets Markdown links and images without sufficient validation. As a result, Markdown syntax embedded in the HTML content of a web page that ChatGPT reads during web summarization can end up rendered as live links and images in the summary.

For CISOs, this vulnerability is critical because it is a direct attack vector: an attacker can prepare a malicious website with manipulated Markdown elements and trick ChatGPT users into having it summarized. The embedded links can then serve as phishing bait or inject instructions into the ChatGPT conversation, steering users into social engineering attacks.

The security gap reveals a fundamental challenge in integrating web browsing into AI models: the implicit trust relationship between the model and the content it reads can be abused by third parties for manipulation. This is particularly problematic in enterprise environments where ChatGPT is used for researching sensitive information.

Organizations should warn their users not to use ChatGPT to analyze content from untrusted sources, and should consider disabling web summaries in risk-sensitive contexts until OpenAI provides appropriate fixes.
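For teams that render LLM-generated web summaries in their own interface, the missing validation step described above can be approximated with a host allowlist applied before the text reaches the Markdown renderer. This is an added example, not code from Permiso Security or OpenAI; `ALLOWED_HOSTS`, `link_host` and `neutralize_links` are hypothetical names, the sample text is constructed, and the filter covers inline links and images only (not reference-style links, autolinks or raw HTML).

```python
import re
from urllib.parse import urlsplit

# Assumption: hosts this deployment is willing to render as clickable links.
ALLOWED_HOSTS = frozenset({"docs.example.com"})

# Every inline Markdown link or image needs "](" before its destination, so the
# filter keys on that pair instead of trying to match balanced "[...]" text.
INLINE_DEST = re.compile(r"\]\(([^)]*)\)")

def link_host(dest):
    """Return the lowercase host of a plain http(s) destination, else None."""
    url = dest.strip()
    # Fail closed on characters that browsers, Markdown renderers and urlsplit
    # may parse differently: whitespace, control bytes, backslashes, brackets.
    if any(c in "\\[]<>" or ord(c) < 0x21 for c in url):
        return None
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
    except ValueError:
        return None
    return host if parts.scheme.lower() in ("http", "https") and host else None

def neutralize_links(text, allowed=ALLOWED_HOSTS):
    """Return (safe_text, removed_destinations) for text bound for a renderer."""
    removed = []
    def repl(match):
        if link_host(match.group(1)) in allowed:
            return match.group(0)  # allowlisted host: leave the link intact
        removed.append(match.group(1).strip())
        # Escaping "]" and adding a space keeps it from closing any earlier "[".
        return "\\] (link removed)"
    return INLINE_DEST.sub(repl, text), removed

# Constructed sample: text a summarizer might emit after reading a hostile page.
SAMPLE = (
    "The page describes a billing change. "
    "[Verify your account](https://login.attacker.example/reset) "
    "![status](https://img.attacker.example/p.png?u=1) "
    "Background: [product docs](https://docs.example.com/billing)."
)

if __name__ == "__main__":
    safe, removed = neutralize_links(SAMPLE)
    print(safe)
    print(removed)
```

The removed destinations are returned separately so they can be logged for review instead of being shown to the user.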


Source: thehackernews.com · Published May 29, 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.2.0.