Overview

• Cybersecurity firm SentinelOne uncovered a spam campaign using AkiraBot to exploit OpenAI's chat API and evade spam detection systems.
• The operation targeted small and medium-sized businesses, delivering customized spam messages through contact forms and chat widgets.
• AkiraBot successfully sent spam to over 80,000 websites and attempted to target approximately 420,000 sites between September 2024 and early 2025.
• OpenAI revoked the spammers' account after being notified by SentinelOne, acknowledging the violation of its terms of service.
• The case highlights the risks of AI misuse, prompting calls for stronger safeguards to prevent abuse while maintaining the benefits of advanced AI tools.