HeadlinesBriefing.com

Inside ChatGPT’s ad delivery and tracking chain

Hacker News

Researchers monitoring consented mobile traffic have unpacked how OpenAI’s ChatGPT ads are stitched into the conversation stream. When a user prompts the model, the backend opens an SSE endpoint at chatgpt.com/backend-api/f/conversation and injects a structured single_advertiser_ad_unit payload alongside normal model output. Each ad carries an advertiser ID, brand assets hosted on bzrcdn.openai.com, and four Fernet‑encrypted tokens per request that tie the impression to a later click.

On the merchant side, OpenAI serves a lightweight OAIQ SDK (version 0.1.3) from the same CDN. The click URL embeds two of the Fernet tokens (oppref and olref), and the SDK copies oppref into a first‑party cookie, __oppref, that survives for 30 days. Subsequent pixel calls POST JSON to bzr.openai.com, allowing OpenAI to reconcile views, clicks, and downstream merchant events and to log them for billing purposes.

Observed traffic shows contextual targeting: a conversation about Chinese food surfaced a Grubhub carousel card, while travel queries pulled ads from GetYourGuide or Axel. Each ad’s four‑token chain can be decoded to reveal mint timestamps, exposing a 95‑second gap between click generation and page load in a sample Home Depot link. Blocking bzrcdn.openai.com and bzr.openai.com cuts the entire attribution loop in the observed dataset.
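The mint timestamps mentioned above can be read without any key, because the Fernet format stores a version byte and an 8-byte big-endian creation time in the clear at the start of every token. The following is an added example, not code from the original research or from OpenAI, that reads that field and measures the delay to an observed page load; the sample token and both times are constructed, and the helper names are hypothetical.

```python
import base64
import struct
from datetime import datetime, timezone

FERNET_VERSION = 0x80
# version (1) + timestamp (8) + IV (16) + at least one AES block (16) + HMAC (32)
MIN_TOKEN_LEN = 1 + 8 + 16 + 16 + 32


def fernet_mint_time(token: str) -> datetime:
    """Return the cleartext creation time from a Fernet token header (no key needed)."""
    padded = token + "=" * (-len(token) % 4)  # URL parameters often drop padding
    raw = base64.urlsafe_b64decode(padded)
    if len(raw) < MIN_TOKEN_LEN or raw[0] != FERNET_VERSION:
        raise ValueError("not a Fernet token")
    if (len(raw) - (1 + 8 + 16 + 32)) % 16 != 0:
        raise ValueError("ciphertext is not a whole number of AES blocks")
    (seconds,) = struct.unpack(">Q", raw[1:9])
    return datetime.fromtimestamp(seconds, tz=timezone.utc)


def seconds_since_mint(token: str, observed: datetime) -> float:
    """Delay between token creation and a later observed event (e.g. page load)."""
    return (observed - fernet_mint_time(token)).total_seconds()


def make_sample_token(seconds: int) -> str:
    """Constructed token with the real layout; IV, ciphertext and HMAC are zeroed."""
    raw = bytes([FERNET_VERSION]) + struct.pack(">Q", seconds) + bytes(16 + 16 + 32)
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


if __name__ == "__main__":
    # Constructed values: a token minted at an arbitrary time, page load 95 s later.
    minted_at = 1_700_000_000
    sample = make_sample_token(minted_at)
    page_load = datetime.fromtimestamp(minted_at + 95, tz=timezone.utc)
    print("minted:", fernet_mint_time(sample).isoformat())
    print("gap (s):", seconds_since_mint(sample, page_load))
```

Only the header is parsed here; the encrypted payload and HMAC stay opaque without the signing and encryption keys.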