Researchers uncovered ShadowLeak, a sophisticated server-side data theft attack targeting ChatGPT’s Deep Research feature, which was mitigated by OpenAI. The attack involved malicious emails instructing the AI to silently exfiltrate sensitive data, highlighting emerging AI security risks. #ShadowLeak #OpenAI #DeepResearch
Keypoints
- ShadowLeak is a service-side data exfiltration attack targeting ChatGPT’s Deep Research capability.
- The attack was executed through malicious emails with hidden instructions for data theft.
- Unlike other attacks, ShadowLeak occurred entirely on the server side, leaving minimal traces.
- OpenAI fixed the vulnerability after being notified by Radware in early August.
- Continuous agent monitoring and behavior validation are recommended to prevent similar attacks.
Read More: https://www.securityweek.com/chatgpt-deep-research-targeted-in-server-side-data-theft-attack/