NurPhoto/Contributor/NurPhoto via Getty Images
Follow ZDNET: Add us as a preferred source on Google.
ZDNET key takeaways
Some OpenAI customer data was exfiltrated in a supply chain attack.
The attack only affected visitors to OpenAI's API documentation.
The damage was minimal yet noteworthy.
In case you missed it, which would have been easy to do given the timing, OpenAI -- the company responsible for generative AI solutions like ChatGPT and Sora -- announced on Thanksgiving eve that some of its customer data had been stolen as the result of a type of cyber intrusion known as a supply chain attack.
A supply chain attack occurs when, in targeting a major tech brand like OpenAI, threat actors launch their attack against one of the third-party solutions used by that brand.
Also: OpenAI is training models to 'confess' when they lie - what it means for future AI
Supply chain attacks have become the "in-thing" for threat actors. If you're a cybercriminal and the main target of your attack (in this case, OpenAI) is doing a good job with its defenses, there's always a chance that one of its suppliers is vulnerable. For the hundreds of global brands whose Salesforce data was stolen, the threat actors also conducted a supply chain attack on Salesloft's Drift, a third-party Salesforce add-on used by many Salesforce customers to integrate AI-driven chatbot functionality into their websites and apps.
... continue reading