Hackers weaponized ChatGPT to steal Gmail data with ShadowLeak attack

A new cybersecurity warning reveals how hackers briefly used the weapon ChatGPT deep search tool. The attack, called ShadowLeak, allowed them to steal Gmail data with a single, invisible message: no clicks, no downloads, and no user action required.

Researchers at Radware discovered the zero-click vulnerability in June 2025. OpenAI patched it in early August after being notified, but experts warn that similar flaws could appear again with… Artificial Intelligence (AI) Integrations are expanding across popular platforms like Gmail, Dropbox, and SharePoint.

Sign up for my free CyberGuy report
Get the best tech tips, breaking security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – for free when you join my site CYBERGUY.COM/NEWSLETER

Hacker exploits automated chatbot in cybercrime wave

Gmail data leaked in a zero-click attack that requires no user action. (Kurt “CyberGuy” Knutson)

How does the ShadowLeak attack work?

Attackers embed hidden instructions in an email using white-on-white text, small fonts, or CSS layout tricks. The email seemed completely harmless. But when a user later asked ChatGPT’s deep research agent to analyze his Gmail inbox, the AI ​​inadvertently executed the attacker’s commands.

The agent then used its built-in browser tools to leak sensitive data to an external server, all within OpenAI’s cloud environment, beyond the reach of enterprise antivirus software or firewalls.

Unlike previous flash injection attacks that were carried out on the user’s device, ShadowLeak spread entirely in the cloud, making it invisible to on-premises defenses.

GOOGLE confirms that the stolen data was compromised by a known hacker group

Hidden claims reveal how hackers silently hijacked ChatGPT’s AI agent. (Kurt “CyberGuy” Knutson)

Why does this threat matter?

The Deep Research agent is designed to perform multi-step searches and summarize data online, but its broad access to third-party apps like Gmail, Google Drive, and Dropbox has also opened the door to abuse.

Radware researchers said the attack involved Encoding personal data in Base64 and appended to a malicious URL, disguised as a “security measure.” Once he was sent, the agent thought he was acting normally.

The real danger lies in the fact that any link can be exploited in the same way if attackers can hide claims in the analyzed content.

What security experts say

“The user never sees the prompt. The email appears normal, but the agent follows hidden commands without question,” the researchers explained.

In a separate experiment, security firm SPLX demonstrated another vulnerability: ChatGPT agents can be tricked into solving CAPTCHAs by inheriting tampered conversation history. Researcher Dorian Schultz noted that the model mimics human cursor movements, bypassing tests aimed at banning robots.

These incidents highlight how context poisoning and instantaneous manipulation can silently breach AI safeguards.

GOOGLE AI’S EMAIL DIGESTS CAN BE HACKED TO HIDE PHISHING ATTACKS

Experts warn that future AI integrations may face the same hidden threat. (Kurt “CyberGuy” Knutson)

How to protect yourself from ShadowLeak attacks

Although OpenAI has patched the ShadowLeak vulnerability, it’s smart to remain proactive. Cybercriminals are always looking for new ways to exploit AI agents and integrations, so taking these precautions now can help keep your accounts and personal data safe.

1) Turn off unused integrations

Every connection is a potential entry point. Disable any integrations you don’t actively use, such as Gmail, Google Drive, or Dropbox. Fewer associated apps means fewer ways for hidden prompts or malicious scripts to access your information.

2) Use a personal data removal service

Limit the amount of your personal data spread across the web. Data removal services can automatically remove your private data from people search sites and data broker databases, reducing what attackers can find and use against you. While no service can guarantee complete removal of your data from the Internet, a data removal service is truly a smart choice. It’s not cheap, and neither is your privacy. These services do all the work for you by systematically monitoring and scraping your personal information from hundreds of websites. This gives me peace of mind and has proven to be the most effective way to clear your personal data from the Internet. By limiting the information available, you reduce the risk of fraudsters cross-referencing data from breaches to information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free check to see if your personal information really exists on the web by visiting Cyberguy.com.

Get a free check to see if your personal information is already on the web: Cyberguy.com.

3) Avoid analyzing unknown content

Treat every email, attachment or document with caution. Don’t ask AI tools to analyze content from suspicious or unverified sources. Hidden text, invisible code, or layout tricks can trigger silent actions that expose your private data.

4) Keep an eye out for security updates

Stay tuned for updates from OpenAI, Google, Microsoft, and other platforms. Security patches close newly discovered vulnerabilities before hackers can exploit them. Turn on automatic updates so you’re always protected without having to think about it.

5) Use powerful antivirus software

Powerful antivirus software adds another wall of defense. These tools detect phishing links, hidden scripts, and AI exploits before they can cause any damage. Schedule regular scans and keep your protection up to date.

The best way to protect yourself from malicious links that install malware, and potentially access your private information, is to install strong antivirus software on all your devices. This protection can also alert you to phishing emails and ransomware, keeping your personal information and digital assets safe.

Get my picks for the best antivirus protection winners of 2025 for Windows, Mac, Android, and iOS at Cyberguy.com.

6) Use layered protection

Think of your security like an onion; More layers make it more difficult to penetrate. Keep your browser, operating system, and endpoint security software fully up-to-date. Add real-time threat detection and email filtering to block malicious content before it reaches your inbox.

Key takeaways for Kurt

Artificial intelligence is evolving faster than most security systems can keep up. Even as companies move quickly to patch vulnerabilities, savvy attackers find new ways to exploit integrations and context memory. Staying alert and limiting what your AI agents have access to is your best defense.

Would you still trust an AI assistant with access to your personal email after learning how easy it is to fool it? Let us know by writing to us at Cyberguy.com..

Sign up for my free CyberGuy report
Get the best tech tips, breaking security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – for free when you join my site CYBERGUY.COM Newsletter.

Copyright 2025 CyberGuy.com. All rights reserved.