OpenAI Fixes 'ShadowLeak' Vulnerability That Exposed Emails to AI Agents
OpenAI has addressed a serious security vulnerability, dubbed 'ShadowLeak', which allowed attackers to manipulate its AI agents, like ChatGPT, into revealing sensitive data from emails. The attack occurred entirely server-side, with users unaware of any activity. Radware, a cybersecurity firm, discovered the vulnerability on June 18, 2025. They found that through manipulation techniques, OpenAI's AI agents could be tricked into extracting personal data from emails and transmitting it to external URLs. This was possible due to a flaw in ChatGPT's 'Deep Research' mode, introduced in February 2025, which automatically analyzes information from various sources. The attack began with a manipulated email containing hidden HTML instructions. The AI, acting like a disloyal employee, would then encode sensitive content and send it to external addresses via an internal tool called 'http'. OpenAI acknowledged the vulnerability on September 3, 2025, six weeks after it was reported via the BugCrowd platform. Radware warned that this attack pattern could be transferred to other services, including Google Drive, Outlook, Teams, Notion, or GitHub. The 'ShadowLeak' vulnerability highlights the potential risks of AI agents with internet access. OpenAI has since fixed the issue, but the lack of direct communication with the researchers who discovered it raises concerns. Users are advised to remain vigilant and monitor their AI agents' activities.
Read also:
- InformationWarfare in the Modern Era: Enhancing an Information Strategy for today's Battlefield and Botnet Threats
- Ukraine's Drone Revolution: Rapid Evolution and Countermeasures
- EU's Energy Infrastructure Under Siege: Cyber Attacks Surge 67% in 2025
- Vito Schnabel's Art & Real Estate Fortune Tops €10.4M
