Aurascape announced on August 26, 2025, that its Aura Labs research team identified and responsibly disclosed a vulnerability in OpenAI’s ChatGPT Agent Mode, which was promptly patched by OpenAI within two weeks. The discovery reinforces trust in AI adoption by demonstrating effective collaboration in addressing security risks.
ChatGPT’s Agent Mode, launched in July 2025, enables the AI to run code, browse the web, and perform tasks in a temporary cloud-based “workspace” using Linux virtual machines on Azure. Aura Labs discovered a flaw that could allow unintended manipulation of this environment, potentially enabling users to bypass safeguards and misuse the feature. While the issue was confined to short-lived VMs tied to individual sessions and did not compromise customer data, it highlighted risks in rapidly deployed AI features. “Our research showed how quickly new AI features can introduce unexpected risks,” said Qi Deng, Security Researcher at Aurascape.
Aurascape reported the vulnerability to OpenAI on August 4, 2025, and OpenAI confirmed it the same day, releasing a patch within two weeks. “We applaud OpenAI’s rapid response,” said Chris Morosco, Head of Marketing at Aurascape. The swift resolution underscores the importance of responsible disclosure in maintaining enterprise trust in AI. Aurascape’s platform, which provides visibility and control over AI features, ensured its customers were protected even before the patch.
The AI security market, valued at $15B in 2024, is projected to grow at a 20% CAGR through 2030, per Gartner, driven by increasing AI adoption and vulnerabilities. Aurascape, founded in 2023 with $50M in funding, specializes in AI-native security, competing with firms like Zscaler. The vulnerability aligns with other recent findings, such as a ChatGPT Connectors flaw reported at DefCon 2025, emphasizing the need for robust AI governance. Aurascape’s blog post, “Your Agent, My Shell: How We Got a Reverse Shell on OpenAI ChatGPT Agent Mode,” details their findings, reinforcing their expertise.
Aurascape’s proactive discovery and collaboration with OpenAI highlight its leadership in securing AI-driven environments. The company’s platform enables enterprises to safely adopt features like Agent Mode by offering fine-grained control, aligning with tightened compliance requirements like those from Visa and Mastercard. This milestone, following Aurascape’s April 2025 funding round, strengthens its position in the $20B enterprise AI market.
Aurascape is the AI-native security company, helping enterprises safely adopt generative AI by providing visibility, control, and governance over AI applications. With real-time, intention-based enforcement, Aurascape ensures organizations can embrace AI innovation securely and responsibly.