Critical ShadowLeak vulnerability in ChatGPT's Deep Research agent allows hackers to steal Gmail data without user interaction.

 A critical zero-click vulnerability known as "ShadowLeak" was recently discovered in OpenAI's ChatGPT Deep Research agent, exposing users’ sensitive data to stealthy attacks without any interaction required.  Uncovered by Radware researchers and disclosed in September 2025, the vulnerability specifically targeted the Deep Research agent's integration with applications like Gmail. This feature, launched by OpenAI in February 2025, allows the agent to autonomously browse, analyze, and synthesize large amounts of online and personal data to produce detailed reports. The ShadowLeak exploit works through a technique called indirect prompt injection, where an attacker embeds hidden commands in an HTML-formatted email—such as white-on-white text or tiny fonts—that are invisible to the human eye.  When the Deep Research agent reads the booby-trapped email in the course of fulfilling a standard user request (like “summarize my inbox”), it executes those hidden commands. Sensitive Gmail data, including personal or organizational details, is then exfiltrated directly from OpenAI’s cloud servers to an attacker-controlled endpoint, with no endpoint or user action needed. Unlike prior attacks (such as AgentFlayer and EchoLeak) that depended on rendering attacker-controlled content on a user’s machine, ShadowLeak operates purely on the server side. All data transmission and agent decisions take place within OpenAI’s infrastructure, bypassing local, enterprise, or network-based security tools. The lack of client or network visibility means the victim remains completely unaware of the compromise and has no chance to intervene, making it a quintessential zero-click threat. The impact of ShadowLeak is significant, with potential leakage of personally identifiable information (PII), protected health information (PHI), business secrets, legal strategies, and more. It also raises the stakes for regulatory compliance, as such exfiltrations could trigger GDPR, CCPA, or SEC violations, along with serious reputational and financial damage. Radware reported the vulnerability to OpenAI via the BugCrowd platform on June 18, 2025. OpenAI responded promptly, fixing the issue in early August and confirming that there was no evidence the flaw had been exploited in the wild.  OpenAI underscored its commitment to strengthening defenses against prompt injection and similar attacks, welcoming continued adversarial testing by security researchers to safeguard emerging AI agent architectures.

Radware has released its 2025 Global Threat Analysis report. In it, the firm claims that last year saw a noticeable surge in Web Distributed Denial of Service (DDoS) attacks, mostly thanks to AI lowering the security barrier. Radware’s latest report is based on the intelligence provided by 2024 network and app attack activity from its cloud and managed services and the threat intelligence research team.

Mahwah, NJ, 13 marzo 2025 (Globe Newswire) - Radware (NASDAQ: RDWR), leader globale nella sicurezza delle applicazioni e nelle soluzioni di consegna per ambienti multi-cloud, ha annunciato il suo Data Center a Lima, Perù. La nuova struttura fa parte della rete mondiale di Radware di oltre 50 data center, che offre una capacità di mitigazione combinata di 15 Tbps.

Origin

Radware says flaw enabled hidden email prompts to trick Deep Research agent into exfiltrating sensitive data ChatGPT's research assistant sprung a leak – since patched – that let attackers steal Gmail secrets with just a single carefully crafted email.…

  If you're using Radware Web Application Firewall (WAF) within your organization for security monitoring, integrating it with Microsoft Sentinel...

Surge in cyberattacks between India and Pakistan, Radware cloud WAF vulnerabilities, xAI key leak exposes LLMs.

Radware issues cybersecurity alert warning of surge in Iranian cyber activity targeting Israeli industrial and critical systems.

AI agents are increasingly being used to search the web, making traditional bot mitigation systems inadequate and opening the door for malicious actors to develop and deploy bots that impersonate…

Radware found that Web DDoS attacks rose by 265% in H1 2024, driven by hacktivist groups amid rising geopolitical tensions

Surge in cyberattacks between India and Pakistan, Radware cloud WAF vulnerabilities, xAI key leak exposes LLMs.

Origin