AI Safety and Regulation
September 18, 2025

ShadowLeak: The first service-side leaking, zero-click indirect prompt injection vulnerability

ShadowLeak, a zero-click vulnerability in ChatGPT’s Deep Research agent. It allows attackers to embed hidden HTML in emails, causing data exfiltration without the user needing to take any action.

ShadowLeak in OpenAI’s ChatGPT Deep Research agent. The flaw exploited enterprise Gmail integrations with web browsing enabled. Attackers could send emails containing invisible HTML instructions, which the agent executed when asked to summarize or analyze inbox messages.

This triggered the agent, running on OpenAI’s servers, to exfiltrate sensitive data to attacker-controlled sites, without any clicks or user awareness.

Radware described this as the first service-side, zero-click indirect prompt injection. OpenAI confirmed the issue after responsible disclosure and has since patched the vulnerability.

#
OpenAI

Read Our Content

See All Blogs
Gen AI

GPT Live: OpenAI's new voice model built for real conversation

Deveshi Dabbawala

July 9, 2026
Read more
AWS

GoML achieves AWS Healthcare Competency Partnership ahead of launch of upcoming health platform

Siddharth Menon

July 6, 2026
Read more