Hackers weaponized ChatGPT to steal Gmail data with ShadowLeak attack
NEWYou can now listen to Fox News articles!
A new cybersecurity alert reveals how hackers briefly weaponized ChatGPT’s Deep Research tool. The attack, called ShadowLeak, allowed them to steal Gmail data through a single invisible prompt: no clicks, no downloads, and no user action required.
Researchers at Radware discovered the zero-click vulnerability in June 2025. OpenAI patched it in early August after it was notified, but experts warn similar flaws could resurface as artificial intelligence (AI) integrations expand across popular platforms like Gmail, Dropbox and SharePoint.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent safety alerts and special deals straight to your inbox. You’ll also get instant access to my Ultimate Scam Survival Guide — free when you join me CYBERGUY.COM/BULLETIN
HACKER USES AI CHATBOT IN CYBER CRIME STUDY
Gmail data was leaked in a zero-click attack that required no user action. (Kurt “CyberGuy” Knutsson)
How did the ShadowLeak attack work?
Attackers placed secret instructions in an email using white-on-white text, small fonts, or CSS layout tricks. The email seemed completely harmless. But then when a user asked ChatGPT’s Deep Research representative to analyze his Gmail inbox, the AI unknowingly executed the attacker’s commands.
The middleman then leaked sensitive data to an external server using built-in browser tools; all of this was in OpenAI’s own cloud environment, beyond the reach of antivirus or corporate firewalls.
Unlike previous rapid injection attacks performed on the user’s device, ShadowLeak emerged entirely in the cloud and became invisible to local defenses.
GOOGLE CONFIRMED DATA WAS STOLEN WHEN BREACHED BY KNOWN HACKER GROUP
Secret prompts reveal how hackers quietly took over ChatGPT’s AI agent. (Kurt “CyberGuy” Knutsson)
Why is this threat important?
The Deep Research agent was designed to perform multi-step research and summarize online data, but its broad access to third-party applications such as Gmail, Google Drive, and Dropbox also opened the door to abuse.
Radware researchers said the attack involved encoding personal data in Base64 and appending it to a malicious URL disguised as a “security measure.” He believed that he was acting normally after the agent was sent away.
The real danger lies in the fact that any connector can be exploited in the same way if attackers manage to hide prompts in the analyzed content.
What security experts say
“The user never sees the prompt. The email appears normal, but the agent follows hidden commands without question,” the researchers explained.
In a separate experiment, security firm SPLX demonstrated another weakness: ChatGPT agents could be tricked into solving CAPTCHAs by inheriting a manipulated conversation history. Researcher Dorian Schultz stated that the model even mimics human cursor movements, bypassing tests aimed at blocking bots.
These incidents highlight how context poisoning and ad-hoc manipulation can silently breach AI protections.
GOOGLE AI EMAIL SUMMARIES CAN BE HACKED TO HIDE PHISHING ATTACKS
Experts warn that future AI integrations may face the same hidden threat. (Kurt “CyberGuy” Knutsson)
How do you protect yourself from ShadowLeak-style attacks?
Although OpenAI has fixed the ShadowLeak flaw, it is wise to remain proactive. Cybercriminals are always looking for new ways to exploit AI agents and integrations; so taking these precautions now can help keep your accounts and personal data safe.
1) Close unused integrations
Every link is a potential entry point. Disable integrations such as Gmail, Google Drive or Dropbox that you do not actively use. Fewer connected apps means fewer ways for hidden prompts or malicious scripts to access your information.
2) Use personal data removal service
Limit how much of your personal data travels online. Data removal services can automatically remove your private details from people search sites and data broker databases, reducing what attackers can find and use against you. While no service can guarantee complete removal of your data from the internet, a data removal service is truly a smart choice. They’re not cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically deleting your personal information from hundreds of websites. This is what gives me peace of mind and has proven to be the most effective way to delete your personal data from the internet. By limiting the information available, you reduce the risk of fraudsters cross-referencing data obtained from breaches with information they can find on the dark web, making it harder for them to target you.
Check out my top picks for data removal services and run a free scan to see if your personal information is already on the internet by visiting: cyberguy.com.
Take advantage of free scanning to find out if your personal information is already on the internet: cyberguy.com.
3) Avoid analyzing unknown content
Treat every email, attachment, or document with caution. Don’t ask AI tools to analyze content from unverified or questionable sources. Hidden text, invisible code or layout tricks can trigger silent actions that reveal your private data.
4) Watch for security updates
Be on the lookout for updates from OpenAI, Google, Microsoft and other platforms. Security patches close newly discovered vulnerabilities before hackers can exploit them. Turn on automatic updates so you’re always protected without having to think about it.
5) Use strong antivirus software
A powerful antivirus program adds another wall of defense. These tools detect phishing links, hidden scripts, and AI-driven exploits before they can cause harm. Schedule regular scans and keep your protection up to date.
The best way to protect yourself from malicious links that install malware and potentially access your private information is to have strong antivirus software installed on all your devices. This protection also keeps your personal information and digital assets safe by alerting you to phishing emails and ransomware scams.
Get my picks for the 2025 best antivirus protection winners for your Windows, Mac, Android, and iOS devices at: cyberguy.com.
6) Use layered protection
Think of your security like an onion; more layers make it harder to break. Keep your browser, operating system, and endpoint security software fully updated. Add real-time threat detection and email filtering to block malicious content before it hits your inbox.
Kurt’s important takeaways
Artificial intelligence is evolving faster than most security systems can keep up. Even as companies try to quickly fix vulnerabilities, clever attackers are finding new ways to exploit integrations and context memory. Being careful and limiting what your AI agents can access is your best defense.
Would you still trust an AI assistant with access to your personal email after learning how easily it can be fooled? Let us know by writing to us. cyberguy.com..
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent safety alerts and special deals straight to your inbox. You’ll also get instant access to my Ultimate Scam Survival Guide — free when you join me CYBERGUY.COM bulletin.
Copyright 2025 CyberGuy.com. All rights reserved.
