In October 2025, OpenAI released a comprehensive report detailing the disruption of multiple state-sponsored cyber operations that had been exploiting its AI language model, ChatGPT, for malicious purposes. The report highlights the company’s ongoing efforts to prevent the misuse of its technologies by threat actors from nations such as China, Russia, and Iran.
China-Linked Cyber Activities
A significant portion of the report focuses on a group identified as “Cyber Operation Phish and Scripts,” operated by Chinese-speaking individuals. This group utilized ChatGPT to enhance their cyber operations in two primary ways:
1. Malware Development: The actors employed ChatGPT to assist in developing and debugging malware tools. Their methods showed similarities with known malware strains like GOVERSHELL and HealthKick. Additionally, they explored further automation possibilities using other AI models such as DeepSeek.
2. Phishing Content Generation: The group crafted targeted phishing emails in multiple languages, including Chinese, English, and Japanese. Their targets encompassed Taiwan’s semiconductor sector, U.S. academic institutions, and organizations critical of the Chinese government.
OpenAI’s investigation revealed that these activities aligned with the intelligence objectives of the People’s Republic of China (PRC) and overlapped with threat groups publicly tracked as UNKDROPPITCH and UTA0388.
Broader State-Sponsored Exploitation
Beyond Chinese-linked activities, the report uncovered that state-sponsored actors from Russia and Iran were also leveraging ChatGPT to augment their cyber operations:
– Russian Threat Actors: Engaged in sophisticated malware campaigns targeting Windows systems. They utilized ChatGPT to debug SSL/TLS certificate implementations and modify Windows Defender settings programmatically.
– Iranian Threat Actors: Continued their influence operations by generating content in multiple languages, targeting U.S. immigration policy, Scottish independence, and Irish reunification. They used ChatGPT to create persuasive narratives and social media content.
OpenAI’s Response and Mitigation Efforts
In response to these findings, OpenAI took decisive actions to mitigate the misuse of its AI technologies:
– Account Disruptions: The company disabled all accounts associated with the identified malicious activities.
– Information Sharing: OpenAI shared indicators of compromise with industry partners to bolster collective cybersecurity efforts.
– Model Safeguards: The AI models themselves acted as a safety barrier, often refusing direct requests to generate malicious code or execute exploits. The threat actors were limited to generating code snippets that were not inherently malicious on their own.
OpenAI emphasized that while state-sponsored actors are actively experimenting with AI, their primary use is to augment existing operations rather than develop novel offensive capabilities. The company remains committed to investing in detecting and disrupting such abuses to prevent its tools from being used for malicious cyber activities, scams, and covert influence operations.
