Cybersecurity researchers have identified a vulnerability in OpenAI’s organization invitation system that allows threat actors to gain unauthorized access to sensitive user data, including prompts and API activity logs. The attack leverages publicly shared organization invites to compromise accounts and extract proprietary information from targeted users. OpenAI has been notified of the vulnerability and is working to address the security gap.