OpenAI says a China-linked group tried to phish its employees

OpenAI said a group with apparent ties to China tried to carry out a phishing attack on its employees, reigniting concerns that bad actors in Beijing want to steal sensitive information from top US artificial intelligence companies.

The AI ​​startup said on Wednesday that a suspected group in China called SweetSpecter posed as a user of its OpenAI chatbot ChatGPT earlier this year and sent customer support emails to staff. The emails included malicious attachments that, if opened, would have allowed SweetSpecter to take screenshots and exfiltrate data, OpenAI said, but the attempt failed.

“OpenAI’s security team contacted employees believed to have been targeted in this spear phishing campaign and found that security controls in place prevented the emails from ever reaching their corporate emails,” OpenAI said .

The disclosure highlights potential cybersecurity risks for leading AI companies as the US and China are locked in a high-stakes battle for artificial intelligence supremacy. In March, for example, a former Google engineer was accused of stealing AI trade secrets for a Chinese firm.

China’s government has repeatedly denied US allegations that organizations in the country are carrying out cyber attacks, accusing outside parties of orchestrating smear campaigns.

OpenAI disclosed the attempted phishing attack as part of its latest threat intelligence report, highlighting its efforts to combat influencer operations around the world. In the report, OpenAI said it removed accounts from groups with ties to Iran and China that used AI to assist with coding, conducting research and other tasks.