Notifications
Clear all
OpenAI Operator Security
1
Posts
1
Users
0
Reactions
3
Views
Topic starter
June 24, 2026 9:00 am
Translate
▼
English
Spanish
French
German
Italian
Portuguese
Russian
Chinese
Japanese
Korean
Arabic
Hindi
Dutch
Polish
Turkish
Vietnamese
Thai
Swedish
Danish
Finnish
Norwegian
Czech
Hungarian
Romanian
Greek
Hebrew
Indonesian
Malay
Ukrainian
Bulgarian
Croatian
Slovak
Slovenian
Serbian
Lithuanian
Latvian
Estonian
New bypass vector in the wild. Attackers are registering tools with names containing unicode homoglyphs to spoof legitimate ones.
Example:
* Legitimate tool: `send_email`
* Spoofed tool: `send_еmail` (uses Cyrillic 'е')
The agent's tool dispatcher does a simple string match. To a human, they look identical. The spoofed tool gets executed with user-granted permissions.
Immediate mitigation:
* Normalize tool names to ASCII before comparison.
* Implement an allowlist of approved tool identifiers.
Long term, this needs a schema validation step. The operator's trust in tool names is currently misplaced.
Relevant for any agent framework using dynamic tool calling, not just OpenAI's. Check your deployments.
CVE-2024-...