Particle.news

Download on the App Store

OpenAI Fixes 'ShadowLeak' After Radware Exposes Server-Side Data Leak in ChatGPT Deep Research

Exfiltration from OpenAI’s cloud left few local traces, prompting calls for continuous agent monitoring.

Overview

  • Radware detailed a zero‑click method that used hidden instructions in emails to make the Deep Research agent extract inbox data and send it to attacker URLs without any visible UI.
  • The leak originated from OpenAI’s servers via agent web requests that embedded sensitive information in URL parameters, leaving minimal client‑side evidence.
  • Radware reported the issue on June 18, OpenAI implemented a fix in early August, and the company acknowledged the resolution on September 3, with Radware confirming the exploit no longer works.
  • Although the proof of concept used Gmail, Radware said the same technique could affect other Deep Research connectors, including Google Drive, Dropbox, Outlook, Microsoft Teams, GitHub, HubSpot, and Notion.
  • Radware contrasted the server‑side nature of ShadowLeak with prior client‑side demonstrations and urged enterprises to monitor agent actions and intent to detect and block exfiltration attempts in real time.