Cybersecurity News that Matters

Aurascape Aura Labs Identifies and Reports ChatGPT Agent Mode Vulnerability

by Business Wire

Aug. 26, 2025
9:14 PM GMT+9

SANTA CLARA, Calif.–(BUSINESS WIRE)–#AIsecurity–Aurascape today announced that its research team, Aura Labs, discovered and responsibly disclosed a vulnerability in OpenAI’s ChatGPT Agent Mode. OpenAI has since patched the issue, reinforcing enterprise trust in adopting emerging AI features.


ChatGPT’s Agent Mode provides the AI with a temporary cloud-based “workspace” to run code, browse the web, and complete tasks. Aurascape researchers found that this environment could be manipulated in unintended ways. While the issue was limited to the short-lived virtual machines tied to a single user’s session—and did not affect ChatGPT customer data—left unpatched, it could have allowed users to bypass safeguards and misuse the feature.

“Our research showed how quickly new AI features can introduce unexpected risks,” said Qi Deng, Security Researcher at Aurascape. “By working closely with OpenAI, we were able to help close the gap before it could impact customers. It’s a strong example of how responsible disclosure protects enterprises adopting AI.”

Aurascape reported the vulnerability to OpenAI on August 4, 2025. OpenAI confirmed the issue the same day and patched it within two weeks.

“We applaud OpenAI’s rapid response,” said Chris Morosco, Head of Marketing at Aurascape. “For customers, the outcome is clear: stronger protections and greater confidence in deploying AI assistants safely.”

Aurascape Customers Already Protected

Aurascape customers were safeguarded even before the patch. The Aurascape platform gives enterprises fine-grained control over how features like Agent Mode are used, allowing security teams to permit everyday ChatGPT use while limiting advanced functions until they’re fully vetted. This approach ensures organizations can confidently adopt new AI capabilities at their own pace.

The full blog post detailing Aurascape’s findings is available here: Your Agent, My Shell: How We Got a Reverse Shell on OpenAI ChatGPT Agent Mode.

About Aurascape

Aurascape is the AI-native security company, helping enterprises safely adopt generative AI by providing visibility, control, and governance over AI applications. With real-time, intention-based enforcement, Aurascape ensures organizations can embrace AI innovation securely and responsibly.

Contacts

Media Contact:
[email protected]
