New attack on ChatGPT research agent pilfers secrets from Gmail inboxes

A troubling vulnerability has been uncovered in OpenAI's Deep Research agent, a tool designed to assist with complex research tasks. This flaw allows attackers to extract sensitive information directly from users' Gmail inboxes without any interaction from the victims. The attack, which is a type of prompt injection, was detailed in research published by the cybersecurity firm Radware. Deep Research, introduced by OpenAI earlier this year, integrates with ChatGPT to provide users with comprehensive research capabilities, drawing from a wide range of resources including emails and online content. Users can instruct the agent to sift through their email history and compile detailed reports in a fraction of the time it would take a human. However, this convenience comes with significant risks. Radware's study illustrates how the Shadow Leak attack exploits the very functionalities that make Deep Research appealing. By embedding malicious prompts within emails or documents from untrusted sources, attackers can manipulate the AI into performing unauthorized actions, leading to data breaches without any visible signs of compromise. The researchers at Radware highlighted that this method of exploitation leverages the AI's innate drive to fulfill user requests, which can inadvertently lead to severe data loss. The implications are alarming, as the attack bypasses traditional security measures that rely on user intent, raising critical concerns about the safety and privacy of AI-integrated tools in everyday use.