ShadowLeak Zero-Click Flaw Leaks Gmail Data via OpenAI ChatGPT Deep Research Agent

Source: The Hacker News

Cybersecurity researchers have revealed a zero-click flaw in the Deep Research agent of OpenAI ChatGPT that could expose Gmail inbox data with no user interaction required. The vulnerability, codenamed ShadowLeak by Radware, was disclosed to OpenAI on June 18, 2025, and patched in early August of the same year. The implications are significant: the flaw opens up new avenues for attackers to exploit user data through deceptive email tactics.

The ability to access sensitive information without the need for user engagement raises concerns about the security of AI systems and their integration with personal data. Attackers can leverage this type of vulnerability to conduct mass phishing campaigns or targeted attacks without raising any suspicion from the victims. This emphasizes the need for continuous monitoring and enhancement of security measures in AI technologies, as they become more integrated into everyday applications and services.

As organizations increasingly rely on AI tools for productivity and communication, understanding and mitigating such vulnerabilities is crucial. The cyber threat landscape is continually evolving, and maintaining user trust hinges on the robustness of security protocols around these AI-driven tools. Organizations must prioritize cybersecurity training and awareness to ensure that users remain vigilant against such potential threats.

👉 Read the original: The Hacker News