Blog
Co-Lead Researchers: Zvika Babo, Gabi Nakibly; Contributor: Maor Uziel

Author: Co-Lead Researchers: Zvika Babo, Gabi Nakibly; Contributor: Maor Uziel

ShadowLeak: A Zero-Click, Service-Side Attack Exfiltrating Sensitive Data Using ChatGPT’s Deep Resea

Threat Intelligence ShadowLeak: A Zero-Click, Service-Side Attack Exfiltrating Sensitive Data Using ChatGPT’s Deep Research Agent We found a zero-click flaw in ChatGPT’s Deep Research agent when connected to Gmail and browsing: A single crafted email quietly makes the agent leak sensitive inbox data to an attacker with no user action or visible UI. Co-Lead Researchers: Zvika Babo, Gabi Nakibly; Contributor: Maor Uziel |September 18, 2025

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Locations
Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program

Get Social

Connect with experts and join the conversation about Radware technologies.

Blog
Security Research Center
CyberPedia