A significant vulnerability has been discovered in OpenAI's ChatGPT that lets attackers exploit the assistant's trust in Markdown links and images to launch phishing attacks. The technique, dubbed ChatGPhish by Permiso Security, enables prompt injections that can deceive users into divulging sensitive information. The vulnerability stems from the chatgpt.com response renderer's implicit trust in Markdown links and images, which attackers can manipulate to inject malicious prompts. As a result, ChatGPT's web summaries can be turned into a phishing surface, putting users at risk.

The disclosure highlights the security implications of large language model (LLM) developments, which can introduce new risks alongside their capabilities. For practitioners, it underscores the need for robust security measures to mitigate the risks associated with AI-powered technologies.
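One way to avoid implicitly trusting Markdown in model output, shown as an added example (not code from Permiso Security or OpenAI): a pre-render filter that keeps inline links and images only when they point to an allowlisted HTTPS host. The function names, the allowlist and the sample text are assumptions constructed for illustration; reference-style links and raw HTML are not handled.

```javascript
// Hypothetical pre-render filter for LLM output; not ChatGPT's renderer.
// Matches inline Markdown links [label](url) and images ![alt](url).
const INLINE_MD = /(!?)\[([^\]]*)\]\(\s*<?([^)\s>]+)>?(?:\s+"[^"]*")?\s*\)/g;

// Hosts the application agrees to link to or load images from (assumed).
const ALLOWED_HOSTS = new Set(["docs.example.com", "cdn.example.com"]);

function hostIsAllowed(rawUrl, allowed) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return false; // relative or malformed target: cannot be verified
  }
  if (url.protocol !== "https:") return false;
  if (url.username || url.password) return false; // user@host confusion
  return allowed.has(url.hostname.toLowerCase());
}

function filterModelMarkdown(text, allowed = ALLOWED_HOSTS) {
  const findings = [];
  const safe = text.replace(INLINE_MD, (match, bang, label, target) => {
    if (hostIsAllowed(target, allowed)) return match;
    findings.push({ kind: bang ? "image" : "link", label, target });
    // Images load without a click, so drop them; links become inert text.
    return bang ? `[image removed: ${label}]` : `${label} (link removed)`;
  });
  return { safe, findings };
}

// Constructed sample: a web summary that picked up Markdown from page content.
const SAMPLE = [
  "Summary of the article:",
  "See the [official docs](https://docs.example.com/guide) for details.",
  "Your session expired, [sign in again](https://login.example.net/reauth).",
  "![status](https://img.example.org/banner.png)",
].join("\n");

const result = filterModelMarkdown(SAMPLE);
console.log(result.safe);
console.log(result.findings);
```

The `findings` array is worth logging server-side: a summary that repeatedly yields rejected links or images is a signal that the summarized content carried injected Markdown.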