OpenAI has patched a vulnerability called “ShadowLeak” that could allow attackers to steal sensitive information via ChatGPT’s Deep Research agent. The exploit involved sending malicious emails that enabled covert data exfiltration without user interaction. #OpenAI #DeepResearch #ShadowLeak #Vulnerability #Cyberattack
Keypoints
- The “ShadowLeak” vulnerability allowed attackers to exfiltrate data through email-triggered prompts on Deep Research.
- The attack was a zero-click exploit, requiring no user interaction to steal sensitive information.
- Radware discovered and reported the vulnerability to OpenAI, which fixed the issue by early August.
- The attack could be masked with subtle tricks like tiny fonts or white-on-white text in emails.
- Researchers warn that the exploit could be used across multiple external connectors beyond Gmail.
Read More: https://therecord.media/openai-fixes-zero-click-shadowleak-vulnerability