Researchers uncover server-side attack exploiting AI research capabilities

Web security company Radware discovered a server-side data theft attack called ShadowLeak that targeted ChatGPT’s Deep Research capability without requiring user interaction. Attackers could send specially crafted emails containing hidden instructions that would trigger when users asked ChatGPT to summarize emails or research topics from their inbox. The attack exfiltrated data through parameters in requests to attacker-controlled URLs, with the malicious web requests originating directly from OpenAI’s cloud infrastructure rather than passing through the ChatGPT client. OpenAI was notified about the vulnerability on June 18 and fixed it by early August, though Radware believes a significant threat surface remains undiscovered.

Read more:

https://www.securityweek.com/chatgpt-deep-research-targeted-in-server-side-data-theft-attack/