Hackers used ChatGPT to gather Gmail information through a ShadowLeak attack

A recent cybersecurity alert has unveiled a concerning vulnerability involving ChatGPT’s Deep Research tool, which hackers temporarily exploited. This incident, termed ShadowLeak, enabled the theft of Gmail data through a single hidden prompt, requiring no user actions like clicks or downloads. Researchers from Radware identified this zero-click vulnerability in June 2025, and OpenAI rolled out a fix in early August after notification. However, experts caution that such vulnerabilities could resurface as AI integration grows in platforms like Gmail, Dropbox, and SharePoint.

The ShadowLeak attack worked by embedding hidden instructions in seemingly innocuous emails using tactics like white-on-white text or tiny fonts. When users queried ChatGPT’s Deep Research tool about their Gmail inbox, the AI unknowingly executed the attackers’ commands, using built-in browser tools to send sensitive information to external servers within OpenAI’s cloud, effectively eluding antivirus and enterprise firewalls. Unlike earlier prompt injection techniques that occurred directly on the user’s device, this one operated entirely in the cloud, slipping past local security measures.

The implications of this threat are significant. The Deep Research agent, meant to assist with extensive analyses and summarizations, had broad access to various applications, making it susceptible to manipulation. According to Radware’s research, the attackers encoded personal data and attached it to a malicious URL disguised as a security measure. The agent, believing it was functioning correctly, inadvertently transmitted the data.

Security experts note that the user would be unaware of this exploitation, as the email would appear normal while the agent operates on hidden commands. Additionally, another vulnerability was discovered by security firm SPLX, indicating a ChatGPT agent could also be misled into completing CAPTCHA tasks by leveraging altered conversation history.

In light of these discoveries, experts suggest taking proactive measures to minimize risks related to similar attacks, even if the ShadowLeak flaw gets patched. Here are some recommended steps:

1. Disable Unused Integrations: Each connection is a potential vulnerability, so it’s wise to turn off integrations you don’t regularly use.

2. Utilize Data Deletion Services: To mitigate personal information exposure online, these services can systematically remove your data from various websites, enhancing privacy, albeit at a cost.

3. Be Cautious with Unknown Content: Exercise care with emails and documents from unverified sources, as they can conceal malicious code.

4. Stay Updated on Security Measures: Regularly check for security updates from platforms like OpenAI and Google to address discovered vulnerabilities.

5. Invest in Reliable Antivirus Software: This adds an extra layer of defense by detecting and stopping threats before they inflict damage.

6. Implement Multiple Layers of Security: Keeping software updated and employing real-time threat detection can help block malicious content effectively.

In summary, as AI technology develops rapidly, maintaining vigilance is imperative. While safeguards are being put in place, savvy attackers continuously seek loopholes to exploit. It’s crucial to limit what AI agents can access and stay informed about potential risks.