The ChatGPhish technique, disclosed by Permiso Security, weaponizes ChatGPT’s Markdown rendering layer to inject phishing links and tracking pixels into AI-generated summaries without compromising OpenAI’s backend. Enterprises that use ChatGPT for research summarization or workflow automation face a novel phishing delivery surface that bypasses email gateways, link scanners, and DMARC controls, because the delivery occurs within a trusted HTTPS session to chatgpt.com.