AI bug leaked Gmail data before OpenAI patch
NEWNow you can listen to News articles!
A new cybersecurity warning reveals how hackers briefly weaponized ChatGPT’s deep investigation tool. The attack, called ShadowLeak, allowed them to steal data from Gmail through a single invisible message: no clicks, no downloads, and no user action required.
Radware researchers discovered the zero-click vulnerability in June 2025. OpenAI patched it in early August after receiving a notification, but experts warn that similar flaws could reappear as artificial intelligence (AI) integrations expand across popular platforms like Gmail, Dropbox, and SharePoint.
Sign up to receive my FREE CyberGuy report
Get my best tech tips, urgent security alerts, and exclusive offers delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Guide to Surviving Scams, free when you join me CYBERGUY.COM/NEWSLETTER
HACKER EXPLOITS AI CHATBOT IN CYBER CRIME WAVE
Gmail data was leaked in a no-click attack that required no user action. (Kurt “CyberGuy” Knutsson)
How the ShadowLeak attack worked
Attackers embedded hidden instructions in an email using white-on-white text, small fonts, or CSS layout tricks. The email seemed completely harmless. But when a user later asked ChatGPT’s Deep Research agent to analyze their Gmail inbox, the AI unknowingly executed the attacker’s commands.
The agent then used its built-in browser tools to leak sensitive data to an external server, all within OpenAI’s own cloud environment, out of the reach of antivirus or enterprise firewalls.
Unlike previous rapid injection attacks that ran on the user’s device, ShadowLeak ran entirely in the cloud, making it invisible to local defenses.
GOOGLE CONFIRMS DATA STOLEN IN BREACH BY A KNOWN HACKER GROUP
Hidden prompts expose how hackers silently hijacked ChatGPT’s AI agent. (Kurt “CyberGuy” Knutsson)
Why is this threat important?
The Deep Research agent was designed to perform multi-step investigations and summarize online data, but its broad access to third-party apps like Gmail, Google Drive, and Dropbox also opened the door to abuse.
Radware researchers said the attack involved encoding personal data in Base64 and appending it to a malicious URL, disguised as a “security measure.” Once dispatched, the agent believed he was acting normally.
The real danger lies in the fact that any connector could be exploited in the same way if attackers manage to hide messages in the analyzed content.
What security experts say
“The user never sees the message. The email appears normal, but the agent follows the hidden commands without question,” the researchers explained.
In a separate experiment, security company SPLX showed another weakness: ChatGPT agents could be tricked into solving CAPTCHAs by inheriting a manipulated conversation history. Researcher Dorian Schultz noted that the model even mimicked human cursor movements, avoiding tests aimed at blocking robots.
These incidents highlight how context poisoning and immediate manipulation can silently break AI safeguards.
GOOGLE AI EMAIL SUMMARY CAN BE HACKED TO HIDE PHISHING ATTACKS
Experts warn that future AI integrations could face the same hidden threat. (Kurt “CyberGuy” Knutsson)
How to protect yourself from ShadowLeak style attacks
Although OpenAI has fixed the ShadowLeak issue, it’s smart to stay proactive. Cybercriminals are always looking for new ways to exploit AI integrations and agents, so taking these precautions now can help keep your accounts and personal data safe.
1) Disable unused integrations
Every connection is a potential entry point. Disable any integrations you’re not actively using, such as Gmail, Google Drive, or Dropbox. Fewer linked apps mean fewer ways for hidden messages or malicious scripts to access your information.
2) Use a personal data deletion service
Limit the amount of your personal data floating around the web. Data removal services can automatically remove your private data from people search sites and data broker databases, reducing what attackers can find and use against you. While no service can guarantee complete removal of your data from the Internet, a data deletion service is truly a smart choice. They are not cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically deleting your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to delete your personal data from the Internet. By limiting the information available, you reduce the risk of scammers cross-referencing leak data with information they can find on the dark web, making it harder for them to target you.
Check out my top picks for data removal services and get a free scan to find out if your personal information is already available on the web by visiting Cyberguy.com.
Get a free scan to find out if your personal information is already available on the web: Cyberguy.com.
3) Avoid analyzing unknown content
Treat every email, attachment or document with caution. Do not ask AI tools to analyze content from suspicious or unverified sources. Hidden text, invisible code, or design tricks could trigger silent actions that expose your private data.
4) Stay tuned for security updates
Stay alert for updates from OpenAI, Google, Microsoft and other platforms. Security patches close newly discovered vulnerabilities before hackers can exploit them. Activate automatic updates to always be protected without having to think about it.
5) Use powerful antivirus software
A strong antivirus program adds another wall of defense. These tools detect phishing links, hidden scripts, and AI-powered exploits before they cause damage. Schedule regular scans and keep your protection up to date.
The best way to protect yourself from malicious links that install malware and potentially access your private information is to have powerful antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
Get my picks for the best antivirus protection winners of 2025 for your Windows, Mac, Android, and iOS devices at Cyberguy.com.
6) Use layered protection
Think of your security as an onion; More layers make it harder to break. Keep your browser, operating system, and endpoint security software fully up to date. Add threat detection and real-time email filtering to block malicious content before it reaches your inbox.
Kurt’s Key Takeaways
AI is evolving faster than most security systems can keep up. Even when companies act quickly to patch vulnerabilities, clever attackers find new ways to exploit integrations and contextual memory. Staying alert and limiting access to your AI agents is your best defense.
Would you still trust an AI assistant to access your personal email after knowing how easy it is to trick it? Let us know by writing to us at Cyberguy.com..
Sign up to receive my FREE CyberGuy report
Get my best tech tips, urgent security alerts, and exclusive offers delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Guide to Surviving Scams, free when you join me CYBERGUY.COM information sheet.
Copyright 2025 CyberGuy.com. All rights reserved.
Kurt “CyberGuy” Knutsson is an award-winning technology journalist with a deep love for technology, gear and devices that improve lives with his contributions to News and News Business since mornings on “News & Friends.” Do you have any technical questions? Get Kurt’s free CyberGuy newsletter, share your voice, a story idea or comment on CyberGuy.com.