Security researchers have demonstrated how ChatGPT can be tricked into stealing sensitive Gmail data, highlighting new risks tied to agentic AI systems.
The proof-of-concept attack, dubbed “Shadow Leak” and revealed this week by cybersecurity firm Radware, exploited a vulnerability in OpenAI’s Deep Research tool. Deep Research, an AI agent embedded in ChatGPT, can browse the web and access connected services like Gmail, calendars, and documents on behalf of users.
Radware’s team planted a prompt injection—malicious hidden instructions—inside an email sent to a Gmail account linked to Deep Research. Once triggered, the AI agent unknowingly searched for HR emails and personal details, then smuggled the data to attackers, all without alerting the victim. Because the exploit ran directly on OpenAI’s cloud infrastructure, it was invisible to traditional cybersecurity defenses.
Researchers warned that the same method could be applied to other Deep Research connectors, including Outlook, GitHub, Google Drive, and Dropbox, putting highly sensitive business data such as contracts and meeting notes at risk.
OpenAI has since patched the vulnerability after Radware disclosed it in June. Still, experts caution that AI prompt injection attacks are increasingly being used for scams, manipulation, and data theft, with threats often hidden in plain sight—such as white text on a white background.
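
Text hidden the way the article describes (white on white, and related tricks such as zero font size or `display:none`) can be flagged before an email body is handed to an agent. The sketch below is an added example, not code from Radware or OpenAI; it assumes inline styles and a white default background, and names such as `find_hidden_text` are hypothetical.

```python
import re
from html.parser import HTMLParser

VOID = {"br", "img", "hr", "meta", "input", "link", "col", "wbr"}  # tags with no end tag
WHITE = {"#fff": "white", "#ffffff": "white", "rgb(255,255,255)": "white"}

def parse_style(style):
    """Inline style -> {property: value}; lowercased, whitespace removed, white unified."""
    decls = re.sub(r"\s+", "", style.lower()).split(";")
    pairs = (d.split(":", 1) for d in decls if ":" in d)
    return {p: WHITE.get(v, v) for p, v in pairs}

class HiddenTextFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = [(False, "white")]  # (hidden, background); assumes a white page
        self.hidden_text = []

    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        css = parse_style(dict(attrs).get("style") or "")
        parent_hidden, parent_bg = self.stack[-1]
        bg = css.get("background-color", parent_bg)
        hidden = (parent_hidden  # conservative: children of a hidden node stay flagged
                  or css.get("display") == "none" or css.get("visibility") == "hidden"
                  or re.fullmatch(r"0(\.0+)?(px|pt|em|rem|%)?", css.get("font-size", "")) is not None
                  or css.get("color") == bg)  # text colour equals effective background
        self.stack.append((hidden, bg))

    def handle_endtag(self, tag):
        if tag not in VOID and len(self.stack) > 1:
            self.stack.pop()

    def handle_data(self, data):
        if self.stack[-1][0] and data.strip():
            self.hidden_text.append(" ".join(data.split()))

def find_hidden_text(html):
    finder = HiddenTextFinder()
    finder.feed(html)
    finder.close()
    return finder.hidden_text

# Constructed sample body; the hidden strings are inert placeholders.
SAMPLE = ('<div><p>Agenda for Thursday is attached.</p>'
          '<div style="color:#FFFFFF; font-size:1px">PLACEHOLDER-1</div>'
          '<span style="display: none">PLACEHOLDER-2</span><p style="color:#333">Sam</p></div>')
```

A non-empty result is a reason to strip or quarantine the message before an agent reads it; stylesheet rules, near-white colours and off-screen positioning are not covered by this heuristic.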





