AI is transforming how businesses handle sensitive data—but a new discovery shows it may also be creating invisible risks. Security researchers at Radware have uncovered a critical zero-click vulnerability, dubbed “ShadowLeak”, in OpenAI’s ChatGPT Deep Research agent. The flaw highlights a growing concern: autonomous AI agents may be powerful, but they’re also potential gateways for stealthy cyberattacks.
What Exactly Is ShadowLeak?
Unlike traditional attacks that require a user to click a malicious link or download a file, ShadowLeak operates silently in the background. Classified by Radware CTO David Aviv as “the quintessential zero-click attack,” it allows sensitive data to be exfiltrated directly from OpenAI’s servers without the victim lifting a finger—or even knowing it’s happening.
This exploit is particularly dangerous because it bypasses end-user devices and enterprise networks. Security teams monitoring endpoints won’t see anything unusual, since the attack unfolds entirely within OpenAI’s cloud infrastructure.
How the Exploit Works
Radware researchers demonstrated that attackers could plant hidden instructions inside something as simple as an email. When the Deep Research agent analyzes that email, it unknowingly follows the malicious commands, leaking private information along the way. From a business perspective, this type of server-side exfiltration leaves almost no forensic evidence.
Pascal Geenens, Radware’s director of cyber threat intelligence, stressed that companies “cannot rely on built-in safeguards alone” when deploying AI-driven workflows. He explained that autonomous agents introduce new attack vectors that traditional security tools aren’t designed to detect.
Why It Matters
The discovery comes at a time when ChatGPT boasts over 5 million paying business users, many of whom rely on AI to sift through emails, contracts, and internal reports. That means a vulnerability like ShadowLeak could have widespread implications for corporate confidentiality.
Unlike conventional phishing or malware campaigns, ShadowLeak represents a new frontier in cyberattacks—one where the AI itself becomes the attack surface. This aligns with a broader trend: as organizations rush to integrate autonomous AI into their workflows, security risks are evolving just as quickly.
How Businesses Can Protect Themselves
Experts emphasize that human oversight and proactive security practices are essential. Organizations should assume that AI-driven workflows can—and eventually will—be manipulated. Recommended strategies include:
- Layered cybersecurity defenses to reduce single points of failure.
- Continuous monitoring of AI workflows for abnormal behavior.
- Strict access controls and permission management for AI tools.
- Logging and auditing of AI activity to spot anomalies early.
- Employee training on emerging AI-related threats.
- Integration of anomaly detection AI to help catch invisible risks.
As Aviv noted, the danger of ShadowLeak lies in its invisibility. That means prevention—not just detection—must be the priority.
The Bigger Picture
ShadowLeak is the first documented example of a purely server-side, zero-click AI exploit. While OpenAI has not publicly commented on the findings, the case underscores a critical truth: autonomous AI agents are not just productivity tools—they’re also emerging targets in cybersecurity.
Enterprises embracing AI should treat these systems as high-risk endpoints, even if they exist only in the cloud. Without rigorous oversight, the same technology designed to make work easier could quietly leak the very data it was meant to protect.
AI is shaping the future of business, but vulnerabilities like ShadowLeak show that security can’t be an afterthought. How do you think companies should balance the promise of AI with its potential risks?
