New Attack on ChatGPT Research Agent Pilfers Secrets From Gmail Inboxes

New attack, ShadowLeak, exploits OpenAI's Deep Research agent to extract confidential Gmail data without user interaction. Utilizing prompt injection, attackers access emails and exfiltrate information to their servers, bypassing security. Despite known vulnerabilities, mitigating measures were implemented only after the attack was alerted. Users should reconsider connecting LLMs to sensitive information due to ongoing risks.

https://arstechnica.com/information-technology/2025/09/new-attack-on-chatgpt-research-agent-pilfers-secrets-from-gmail-inboxes/

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top