ShadowLeak: Radware Uncovers Zero-Click Attack on ChatGPT

September 19, 2025 Yanac

Radware discovered a server-side data theft attack, dubbed ShadowLeak, targeting ChatGPT. OpenAI patched the zero-click vulnerability. Researchers at Radware uncovered a server-side data theft attack targeting ChatGPT, called ShadowLeak. The experts discovered a zero-click vulnerability in ChatGPT’s Deep Research agent when connected to Gmail and browsing. The researchers explained that using a crafted email could trigger the agent toSecurity AffairsRead More