AI Security Breach: ShadowLeak Exposes OpenAI’s Invisible Email Threat!

Researchers at Radware have uncovered a flaw in OpenAI’s ChatGPT Deep Research tool that allows hackers to swipe data like a sneaky ninja in a zero-click attack. Dubbed ShadowLeak, this service-side exfiltration operates right under users’ noses, making it a perfect candidate for the “Most Inconvenient Data Breach” award.

3P
Published: September 22, 2025 10:14 amAdded: September 22, 2025 at 3:34 amAssembled by: The Editor
Pro Dashboard

Hot Take:

Well, it seems like AI has taken a page from Houdini’s book: now you see your data, now you don’t! Thanks to a sneaky vulnerability known as ShadowLeak, it turns out your AI buddy might just be moonlighting as a magician for the cybercriminals, pulling your emails out of their hat without a single click from you. Magic? More like tragic!

Key Points:

  • Radware discovered a vulnerability in OpenAI’s ChatGPT Deep Research agent called ShadowLeak.
  • ShadowLeak is a zero-click attack embedded in emails, leading AI to leak private data.
  • This attack uses a method known as indirect prompt injection.
  • The flaw was responsibly reported to OpenAI and fixed by early August 2025.
  • Similar attacks could potentially target other services linked with the AI tool.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?