ChatGPT Targeted in Server-Side Data Theft Attack - SecurityWeek

  • Researchers at Radware discovered a server-side data theft attack method targeting ChatGPT’s Deep Research capability, dubbed ShadowLeak.
  • ShadowLeak allowed attackers to silently collect and exfiltrate valuable data without user interaction by sending a specially crafted email.
  • Unlike client-side attacks, ShadowLeak operated on the server side, making it harder to detect and trace.
  • The attack involved hidden instructions in emails that triggered data exfiltration when the user interacted with ChatGPT.
  • Data was exfiltrated through request parameters to an attacker-controlled URL, originating directly from OpenAI’s servers.
  • The attack was cleverly designed to bypass security checks by convincing the AI that the exfiltrated data was public and the URL was safe.
  • Deep Research can access various enterprise services, including Gmail, Google Drive, Dropbox, and Microsoft Teams, making it a broad target.
  • OpenAI was notified of the vulnerability on June 18 and fixed it by early August, with Radware confirming the attack no longer works.
  • Radware believes there is still a significant undiscovered threat surface for similar attacks.
  • The security firm recommends continuously monitoring agent behavior to confirm that the agent's actions stay aligned with user intent, as a mitigation for such attacks.
Edward Kiledjian @ekiledjian
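
One way to apply the monitoring recommendation to the channel described above (data carried in request parameters of an outbound URL), as an added example that is not code from SecurityWeek, Radware or OpenAI: it compares each URL an agent requested against the content the agent read in the same session. The URL log, the host allow-list, the function names and the base64 check are assumptions, and all sample data is constructed.

```python
import base64
from urllib.parse import urlsplit, parse_qsl

MIN_LEN = 6  # skip very short values; they match by chance too often

def _candidates(value):
    """Yield the raw parameter value, then its base64 decoding if it has one."""
    yield value
    try:
        padded = value + "=" * (-len(value) % 4)  # restore stripped padding
        yield base64.urlsafe_b64decode(padded).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return

def flag_exfil(agent_urls, content_read, allowed_hosts):
    """Return (url, param, matched_text) for outbound requests whose query
    parameters carry text the agent read from a connected data source."""
    corpus = content_read.lower()
    findings = []
    for url in agent_urls:
        parts = urlsplit(url)
        if parts.hostname in allowed_hosts:
            continue  # hosts the user or organisation has approved
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            for text in _candidates(value):
                if len(text) >= MIN_LEN and text.lower() in corpus:
                    findings.append((url, name, text))
                    break  # one finding per parameter is enough
    return findings

# Constructed sample data (assumed log of agent requests and mailbox content).
SAMPLE_MAILBOX = "From: hr@example.com\nEmployee: Jane Doe, 12 Elm Street, ID 4471-A\n"
_encoded = base64.urlsafe_b64encode(b"12 Elm Street").decode().rstrip("=")
SAMPLE_URLS = [
    "https://docs.example.com/search?q=Jane%20Doe",   # allow-listed host
    "https://news.example.org/article?id=20250918",   # nothing from the mailbox
    "https://lookup.example.net/v?name=Jane%20Doe",   # mailbox text, raw
    "https://lookup.example.net/v?d=" + _encoded,     # mailbox text, base64
]

if __name__ == "__main__":
    hits = flag_exfil(SAMPLE_URLS, SAMPLE_MAILBOX, {"docs.example.com"})
    for url, param, text in hits:
        print(f"ALERT {url} param={param!r} carries {text!r}")
```

Because the requests in this attack class originate from the provider's servers, a check like this has to run where the agent's tool calls are logged, not on the user's endpoint or network.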