OpenAI Discloses State-Sponsored Misuse of ChatGPT for Cyber Operations

Saturday, March 14, 2026 at 02:00 PM UTC·Source: OpenAI Threat Intelligence

Updated: Sunday, March 15, 2026 at 08:00 AM UTC

Executive Summary

OpenAI reports disrupting five state-sponsored groups using ChatGPT for reconnaissance, phishing content generation, and malware debugging.

Analysis

OpenAI disclosed that it disrupted accounts linked to five state-sponsored threat actors from China, Iran, North Korea, and Russia using ChatGPT for cyber operations support. Activities included target reconnaissance, phishing email drafting, malware code debugging, and social engineering script development. OpenAI emphasizes that AI provided incremental capability improvements rather than breakthrough capabilities. The company has enhanced its detection systems for coordinated inauthentic usage patterns.

Source Attribution

Originally published by OpenAI Threat Intelligence on Mar 14, 2026. Verified by: OpenAI.

Related Threats

CRITICALApt

Rapid7’s 2026 Global Cybersecurity Summit: Key Takeaways for Security Leaders

Security teams are working in an environment where speed, scale, and complexity are all increasing at the same time. Across the Rapid7 2026 Global Cybersecurity Summit , the focus was not just on how the threat landscape is evolving, but on how teams are adapting their approach to keep up. The sessions brought together perspectives from across detection and response, exposure management, AI, and s

9h agoRapid7

HIGHApt

Internet Explorer may be dead, but its ghost still runs malware

Microsoft’s aging “mshta.exe” utility, a leftover component from Internet Explorer, is still being actively abused in modern malware campaigns years after the browser itself was retired. According to new research from Bitdefender, attackers continue to abuse Microsoft HTML Application Host (MSHTA), a built-in Windows utility capable of executing VBScript and JavaScript from local or remote files.

12h agoCSO Online

CRITICALApt

ZKTeco CCTV Cameras

<a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-139-04.json">View CSAF</a> <h2>Summary</h2> Successful exploitation of this vulnerability could result in information disclosure, including capture of camera account credentials. The following versions of ZKTeco CCTV Cameras are affected: <ul> <li>SSC335-GC2

CVE-2026-8598

13h agoCISA Advisories