Security Researchers Discover ChatGPT Vulnerability That Could Extract Sensitive Gmail Data
By Robert Hart
Summary
Security researchers from Radware discovered a vulnerability called 'Shadow Leak' that allowed ChatGPT to be manipulated into extracting sensitive data from Gmail inboxes without user detection. The exploit took advantage of how AI agents operate with autonomous access to personal accounts. While OpenAI has patched this specific vulnerability, the incident highlights emerging security risks with agentic AI systems that can access web services and click links on behalf of users. Researchers warned similar exploits could target other platforms like Dropbox, GitHub, and Google Drive to steal sensitive business data.
Key quotes
Security researchers employed ChatGPT as a co-conspirator to plunder sensitive data from Gmail inboxes without alerting users
The vulnerability exploited has been closed by OpenAI but it's a good example of the new risks inherent to agentic AI
The heist, called Shadow Leak and published by security firm Radware this week, relied on a quirk in how AI agents work
AI Agents are assistants that can act on your behalf without constant oversight, meaning they can surf the web and click on links
They warned similar exploits could target tools like Dropbox, GitHub, and Google Drive and be used to steal highly sensitive business data
