Published on May 31, 2026

ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface


Severity
Medium

Detail

ChatGPhish is a vulnerability disclosed by Permiso Security involving ChatGPT’s handling of Markdown links and images when summarizing third-party webpages. The issue is that ChatGPT may render attacker-controlled Markdown links and image URLs as clickable links or displayed images inside the ChatGPT response interface, making malicious content appear more trusted because it is shown within ChatGPT.

How?

An attacker can insert malicious instructions or payload content into a webpage. When a victim asks ChatGPT to summarize that page, the malicious content may influence the generated summary. This can cause ChatGPT to display phishing links, fake security alerts, remote attacker-hosted images, or QR codes. The article also notes that auto-fetched images could leak information such as the victim’s IP address, User-Agent, Referer, and access timing to attacker-controlled infrastructure.
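One way a client could defend against the rendering path described above, shown as an added example that is not code from Permiso, OpenAI, or the source article: filter the generated summary before it is rendered, dropping images and flattening links whose host is not on an allowlist. The allowlist, the sample summary, and all function names are assumptions made for illustration.

```javascript
// Added example. ALLOWED_HOSTS, SAMPLE and all function names are assumptions.
const ALLOWED_HOSTS = new Set(["docs.example.com"]); // constructed allowlist

// Hostname of an http(s) URL, or null for any other scheme or a parse failure.
function hostOf(rawUrl) {
  try {
    const u = new URL(rawUrl);
    return /^https?:$/.test(u.protocol) ? u.hostname.toLowerCase() : null;
  } catch {
    return null;
  }
}

// Inline image ![alt](url "title") or link [text](url "title").
// The label may not contain brackets, so nested forms resolve inside-out.
const INLINE = /(!?)\[([^\[\]]*)\]\(\s*<?([^\s)>]+)>?(?:\s+"[^"]*")?\s*\)/g;

function sanitizeSummary(markdown) {
  const findings = [];
  let text = markdown;
  let prev;
  do {
    // Repeat until stable: removing an inner image can expose an outer link.
    prev = text;
    text = text.replace(INLINE, (whole, bang, label, url) => {
      const host = hostOf(url);
      if (host !== null && ALLOWED_HOSTS.has(host)) return whole;
      findings.push({ kind: bang ? "image" : "link", url });
      const shown = host ?? "non-http URL";
      // Images are dropped so the client never auto-fetches them; links become
      // inert text that names the real destination host.
      return bang ? `(image removed: ${shown})` : `${label} (link removed: ${shown})`;
    });
  } while (text !== prev);
  return { text, findings };
}

// Constructed model output, as if summarizing a page with injected Markdown.
const SAMPLE = [
  "Setup is covered in [the docs](https://docs.example.com/setup).",
  "**Security alert:** [verify your account](https://login.attacker.example/verify)",
  "![qr](https://img.attacker.example/qr.png?u=1)",
  "[![badge](https://img.attacker.example/b.png)](https://docs.example.com/)",
].join("\n");

console.log(sanitizeSummary(SAMPLE).text);
```

This covers inline link and image syntax only; reference-style links, autolinks and raw HTML would need the same host check applied to the renderer's parsed link and image nodes.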

Conclusion

This disclosure shows that AI summarization itself can become a phishing attack surface. The danger is not only prompt injection, but also how malicious webpage content can be transformed into trusted-looking output inside ChatGPT. Users and organizations should avoid clicking links, scanning QR codes, or trusting security alerts shown in AI summaries without verifying the original source.

Source

https://thehackernews.com/2026/05/chatgphish-vulnerability-turns-chatgpt.html