There is a new twist on phishing built for the age of AI, and it is clever enough that your team probably could not spot it. Attackers create a fake ChatGPT workspace named after your company, then send your employees a genuine invitation to "join", an email that really does come from OpenAI and passes every security check. Anyone who accepts and starts using it is handing their prompts straight to the attacker. Security firm Push Security caught this happening to its own staff and named it the "poisoned tenant" attack.
How the scam works
The attacker signs up for OpenAI and creates an organization (a shared ChatGPT workspace) named after the company they are targeting. They then invite specific employees, found through a bit of research, to join it. Because the invite is a real OpenAI invitation, it is sent from OpenAI's genuine address and passes spam and authentication checks, so it looks exactly like a legitimate one. Clicking the link adds the person to the attacker's workspace instantly, with no password needed. To make it convincing, everyone is given Owner-level access, there is an account posing as the company's CEO, and a payment card is already attached so the premium features work.
Why it is so effective
Normal phishing advice (check the sender, hover over the link) does not help here, because the email is real. The only off note is a small mismatch between the workspace name and the account that created it, which is easy to miss. And the payoff for the attacker is large: an AI workspace is exactly where people paste their most sensitive material, such as source code, internal documents, customer data, contracts and strategy. If your team treats the fake workspace as the company's official AI tool, all of that flows to whoever set it up.
What to do about it
You cannot filter your way out of this one, so the defence is a few simple rules, not a product:
- Agree on your one official AI workspace and make sure everyone knows which account and which login is the real one.
- Treat any "join our AI workspace" invite as something to verify, by asking the person who supposedly sent it, through a separate channel, before clicking.
- Never put sensitive company data into an AI account you did not set up yourself, no matter how official the invite looked.
- Tell your team the key lesson: a real email from a real platform can still carry a fake invitation.
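The first two rules can be backed by a mailbox triage check that ignores sender authentication and looks only at who issued the invite. This is an added example, not code from Push Security or OpenAI; the addresses, the workspace name, the sample email and the invitation wording it parses are all constructed assumptions.

```python
import email
import re
from email import policy

# Assumptions (not from the article): the admin account and name of your one
# official workspace, as agreed under the first rule above.
OFFICIAL_INVITERS = {"it-admin@acme.example"}
OFFICIAL_WORKSPACE = "Acme"

# Constructed sample invitation; a real platform's layout will differ.
SAMPLE_INVITE = """\
From: AI Platform <noreply@ai-platform.example>
To: jane@acme.example
Subject: You have been invited to join Acme
Authentication-Results: mx.acme.example; spf=pass; dkim=pass; dmarc=pass
Content-Type: text/plain

ceo.acme@freemail.example has invited you to join the organization Acme.
"""

# Assumed wording of the invitation body (hypothetical pattern).
INVITE_RE = re.compile(
    r"(?P<inviter>[\w.+-]+@[\w.-]+\.\w+) has invited you to join "
    r"the organization (?P<workspace>[^.\n]+)", re.I)

def triage_invite(raw: str) -> dict:
    """Classify a workspace invite by its inviter, not by sender checks."""
    msg = email.message_from_string(raw, policy=policy.default)
    auth = str(msg.get("Authentication-Results", "")).lower()
    auth_pass = all(f"{k}=pass" in auth for k in ("spf", "dkim", "dmarc"))
    body = msg.get_body(preferencelist=("plain",))
    m = INVITE_RE.search(body.get_content() if body else "")
    if not m:
        return {"auth_pass": auth_pass, "inviter": None,
                "workspace": None, "verdict": "not-an-invite"}
    inviter = m["inviter"].lower()
    workspace = m["workspace"].strip()
    # Passing SPF/DKIM/DMARC proves only that the platform sent the mail,
    # not that the workspace belongs to your company, so it is not consulted.
    official = inviter in OFFICIAL_INVITERS and workspace == OFFICIAL_WORKSPACE
    verdict = "official" if official else "hold-verify-out-of-band"
    return {"auth_pass": auth_pass, "inviter": inviter,
            "workspace": workspace, "verdict": verdict}

if __name__ == "__main__":
    print(triage_invite(SAMPLE_INVITE))
```

The sample passes every authentication check and carries the company's name, yet is held because the inviter is not the agreed admin account.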