Attackers abuse shared ChatGPT and Claude chats to spread malware

Threat actors are weaponizing the share-link feature in ChatGPT and Claude to distribute malware payloads disguised as legitimate error messages or setup instructions. Because these conversations live on Anthropic's and OpenAI's trusted domains, they bypass traditional email and web filters, creating a new attack surface that exploits user trust in first-party infrastructure. This signals a shift in how LLM platforms themselves become distribution channels for social engineering, forcing both companies to rethink access controls and content moderation on shared artifacts.
Modelwire context
Explainer: The core danger here isn't the malware payload itself but the delivery wrapper: shared conversation URLs resolve on openai.com and claude.ai, domains that corporate security tools routinely allowlist because they're associated with legitimate productivity use. That structural trust is what makes this category of attack distinct from conventional phishing.
This is largely disconnected from recent activity in our archive, as we have no prior coverage to anchor it to. It belongs, however, to a broader pattern in security research around 'trusted platform abuse,' the same class of problem that previously surfaced with Google Docs, Dropbox links, and GitHub Gists being used as malware staging grounds. The LLM-specific wrinkle is that shared chats can contain formatted, plausible-looking instructional text that a language model's interface renders cleanly, making the social engineering component harder to visually flag than a raw URL drop.
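Because domain-level allowlisting cannot separate a shared chat from ordinary use of the same site, one defensive option is to match on the URL path and correlate with what the client fetches next. The sketch below is an added example, not code from the original reporting; the log format, the `/share/` path prefix, the host list, the extension list and the 10-minute window are all assumptions to adapt to your own proxy data.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Assumptions: LLM hosts to watch and the path prefix used by shared chats.
LLM_HOSTS = ("openai.com", "chatgpt.com", "claude.ai")
SHARE_PREFIX = "/share/"
RISKY_EXT = (".exe", ".msi", ".ps1", ".bat", ".scr", ".dmg", ".pkg", ".sh")
WINDOW = timedelta(minutes=10)

def is_share_link(url):
    """True for a shared-chat URL on an LLM host (exact host or subdomain only)."""
    u = urlsplit(url)
    host = (u.hostname or "").lower()
    on_llm = any(host == h or host.endswith("." + h) for h in LLM_HOSTS)
    return on_llm and u.path.startswith(SHARE_PREFIX)

def is_risky_download(url):
    return urlsplit(url).path.lower().endswith(RISKY_EXT)

def parse(line):
    # Constructed format: "<ISO time> <client ip> <method> <url> <status>"
    ts, client, _method, url, _status = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), client, url

def correlate(lines):
    """Return (client, share_url, download_url) when a risky download follows
    a share-link view from the same client within WINDOW. Input must be time-ordered."""
    last_share, hits = {}, []
    for line in lines:
        ts, client, url = parse(line)
        if is_share_link(url):
            last_share[client] = (ts, url)
        elif is_risky_download(url) and client in last_share:
            seen, share_url = last_share[client]
            if timedelta(0) <= ts - seen <= WINDOW:
                hits.append((client, share_url, url))
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "2026-05-20T09:14:02Z 10.0.4.17 GET https://claude.ai/share/EXAMPLE-ID-1 200",
    "2026-05-20T09:16:40Z 10.0.4.17 GET https://files.example.net/fix/setup-helper.ps1 200",
    "2026-05-20T09:20:00Z 10.0.4.22 GET https://chatgpt.com/ 200",
    "2026-05-20T09:21:00Z 10.0.4.22 GET https://downloads.example.org/tool.msi 200",
    "2026-05-20T10:00:00Z 10.0.4.30 GET https://chatgpt.com/share/EXAMPLE-ID-3 200",
    "2026-05-20T11:30:00Z 10.0.4.30 GET https://files.example.net/update.exe 200",
]

if __name__ == "__main__":
    for hit in correlate(SAMPLE_LOG):
        print(hit)
```

This heuristic only catches cases where the shared chat leads to a file download through the proxy; instructions that have the user paste commands locally need endpoint telemetry instead.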
Watch whether OpenAI or Anthropic announce changes to shared-link access controls or content scanning within the next 60 days. If neither company responds with a concrete policy or technical mitigation by late July 2026, that signals they're treating this as a user-education problem rather than a platform-integrity one, which would leave the attack surface open.
This analysis is generated by Modelwire’s editorial layer from our archive and the summary above. It is not a substitute for the original reporting.
Mentions: ChatGPT · Claude · OpenAI · Anthropic
Modelwire Editorial
Modelwire summarizes, we don’t republish. The full content lives on the-decoder.com.