The ‘Poisoned Tenant’ technique exploits OpenAI’s absence of domain-verified tenant identity controls to register fraudulent organizational workspaces impersonating legitimate companies, then lure employees via invitation emails that pass all standard email authentication. Any data submitted to ChatGPT in the attacker-controlled workspace flows directly to the attacker. No CVE is assigned and no vendor patch is available.