SCWorld.com reported that “Security Affairs reports that OpenAI’s artificial intelligence chatbot ChatGPT has been impacted by a zero-click flaw, which could be exploited to facilitate a server-side data theft intrusion via malicious emails.” The September 19, 2025 report entitled “Novel ShadowLeak attack against ChatGPT discovered, addressed” (https://www.scworld.com/brief/novel-shadowleak-attack-against-chatgpt-discovered-addressed) included these comments:
Attackers could distribute illicit emails with concealed HTML instructions ordering personally identifiable information exfiltration from email inboxes, according to Radware researchers.
“The leak is Service-side, occurring entirely from within OpenAI’s cloud environment. The agent’s built-in browsing tool performs the exfiltration autonomously, without any client involvement,” said researchers.
OpenAI has already moved to address the vulnerability after being informed by Radware. While email sanitization could be implemented to thwart nefarious messages, such a threat request continuous agent behavior tracking, researchers said.
“A more robust mitigation is continuous agent behavior monitoring: tracking both the agent’s actions and its inferred intent and validating that they remain consistent with the user’s original goals. This alignment check ensures that even if an attacker steers the agent, deviations from legitimate intent are detected and blocked in real time,” they added.
Bad news and good news….be careful out there!
First published at https://www.vogelitlaw.com/blog/nbspchatgpt-bad-news-and-good-news-attack-against-chatgpt-discovered-and-addressed