A new cybersecurity alert describes how hackers briefly abused ChatGPT’s Deep Research feature. The ShadowLeak technique lets them collect Gmail data with a single invisible prompt, requiring no clicks, downloads, or user action.
Radware researchers identified the zero-click vulnerability in June 2025. OpenAI fixed it in early August after being contacted, but experts fear that similar issues may resurface as artificial intelligence (AI) integrations spread across major platforms such as Gmail, Dropbox, and SharePoint.
Attackers used white-on-white text, small fonts, and CSS layout tricks to embed concealed instructions in an email. The email looked entirely harmless. However, when a user later asked ChatGPT’s Deep Research agent to inspect their Gmail inbox, the AI unintentionally carried out the attacker’s instructions.
The agent then used its built-in browser features to send sensitive data to an external server, all from within OpenAI’s own cloud environment and beyond the reach of antivirus or business firewalls.
Unlike prior prompt-injection attacks that operated on the user’s device, ShadowLeak took place fully in the cloud, making it invisible to local defenses.
The Deep Research agent is meant to carry out multistep research and synthesize web material, but its broad access to third-party services such as Gmail, Google Drive, and Dropbox made it vulnerable to exploitation.
Radware researchers stated that the attack involved encoding personal data in Base64 and appending it to a malicious URL disguised as a “security measure.” After sending it, the agent assumed it was behaving normally.
The true risk is that any connection could be abused in the same way if attackers can hide prompts in the content it processes.
“The user never sees the prompt. The email appears normal, but the agent blindly follows the hidden commands,” the researchers noted.
In a related experiment, security firm SPLX demonstrated another flaw: ChatGPT agents could be tricked into solving CAPTCHAs by inheriting a manipulated chat history. According to researcher Dorian Schultz, the model even mimicked human cursor movements, evading anti-bot checks.
These events demonstrate how context poisoning and prompt manipulation can covertly undermine AI security.
Even though OpenAI has fixed the ShadowLeak problem, it is prudent to remain proactive. Cybercriminals are constantly looking for new ways to exploit AI agents and integrations, so adopting these safeguards now will help protect your accounts and personal data.
Each connection is a possible access point. Disable any connections that you aren’t currently using, such as Gmail, Google Drive, or Dropbox. Fewer connected apps means fewer opportunities for hidden prompts or malicious scripts to access your data.
Limit the amount of personal information you share on the internet. Data removal services can automatically erase your personal information from people-search sites and data broker databases, limiting what attackers can discover and use against you. While no service can guarantee total removal of your data from the internet, a data removal service is an excellent solution. They are not cheap, but neither is your privacy. These services handle all of the work for you, actively monitoring and removing your personal information from hundreds of websites. They give people peace of mind and have proven to be the most efficient way to remove personal information from the internet. Limiting the information available reduces the danger of fraudsters cross-referencing data from breaches with information found on the dark web, making it more difficult for them to target you.
Every email, attachment, and document should be treated with caution. Do not use AI tools to examine material from unconfirmed or dubious sources. Hidden text, invisible code, or layout techniques may trigger silent actions that reveal your personal information.
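A pre-filter that a mail gateway or agent integration could run before an HTML email reaches an AI tool, flagging text hidden with the tricks described above (white-on-white text, small fonts, CSS hiding). This is an added example, not code from Radware or OpenAI; it inspects inline `style` attributes only, and the function names and sample message are constructed for illustration.

```python
import re
from html.parser import HTMLParser

VOID = {"br", "hr", "img", "input", "link", "meta"}   # tags with no end tag
WHITE = {"white", "#fff", "#ffffff", "rgb(255,255,255)"}

def hiding_reason(style):
    """Return why an inline style hides text from a human reader, else None."""
    pairs = style.lower().replace(" ", "").split(";")
    decls = dict(p.split(":", 1) for p in pairs if ":" in p)
    for prop, bad in (("display", "none"), ("visibility", "hidden")):
        if decls.get(prop) == bad:
            return f"{prop}:{bad}"
    size = re.fullmatch(r"(\d*\.?\d+)(px|pt)?", decls.get("font-size", ""))
    if size and float(size.group(1)) <= 2:
        return "tiny font"
    fg, bg = decls.get("color"), decls.get("background-color")
    # Assumption: with no background set, the message renders on white.
    if fg and (fg == bg or (fg in WHITE and (bg is None or bg in WHITE))):
        return "text colour matches background"

class HiddenTextFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack, self.findings = [], []   # per-element reasons; (reason, text) hits

    def handle_starttag(self, tag, attrs):
        if tag not in VOID:
            inherited = self.stack[-1] if self.stack else None
            own = hiding_reason(dict(attrs).get("style") or "")
            self.stack.append(inherited or own)   # children of hidden stay hidden
    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:
            self.stack.pop()
    def handle_data(self, data):
        if data.strip() and self.stack and self.stack[-1]:
            self.findings.append((self.stack[-1], data.strip()))

def find_hidden_text(html):
    finder = HiddenTextFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample message, not taken from the ShadowLeak report.
SAMPLE = ('<html><body><p>Agenda for Thursday is attached.</p>'
          '<span style="color: #FFF">constructed hidden line A</span>'
          '<div style="font-size:1px">constructed hidden line B</div>'
          '<div style="display:none">outer <b>inner</b></div></body></html>')
```

Any finding is a reason to quarantine the message or strip the flagged text before an agent reads it. Rules in `<style>` blocks and off-screen positioning are not covered here and would need a CSS-aware renderer.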
Stay tuned for updates from OpenAI, Google, Microsoft, and other platforms. Security updates address newly found vulnerabilities before hackers can exploit them. Enable automatic updates so you are always protected without having to worry about it.
A robust antivirus application offers another layer of protection. These tools identify phishing URLs, hidden scripts, and AI-powered attacks before they can cause harm. Schedule frequent scans to ensure your protection is up to date.
The easiest approach to protect yourself against bad links that install malware and potentially access your personal information is to install robust antivirus software on all of your devices. This protection can also alert you to phishing emails and ransomware schemes, ensuring that your personal information and digital assets are protected.
Think of your security as an onion: each added layer makes it more difficult to break. Keep your browser, operating system, and endpoint security software up to date. Add real-time threat detection and email filtering to prevent dangerous content from reaching your inbox.







