Radware Uncovers First Zero-Click, Service-Side Vulnerability in ChatGPT
Radware (US:RDWR) Globenewswire · 2025-09-18 14:30

Core Insights
- Radware has discovered a zero-click vulnerability named "ShadowLeak" affecting the ChatGPT Deep Research agent, allowing attackers to exfiltrate sensitive data without user interaction [1][2][3]
- This vulnerability represents a new class of attack on AI agents, which can bypass traditional security measures and operate covertly [2][4]
- The research highlights the risks associated with AI autonomy and integration with sensitive data sources, emphasizing that enterprises cannot solely rely on built-in safeguards [4]

Company Insights
- Radware is a leading provider of cybersecurity and application delivery solutions, focusing on uncovering vulnerabilities in both traditional web applications and emerging AI systems [9][10]
- The company has committed to responsible disclosure protocols, having reported the vulnerability to OpenAI and collaborated on a fix [8]
- Radware's Security Research Center (RSRC) aims to provide insights into zero-day and zero-click threats, helping organizations defend against emerging cybersecurity challenges [9]

Industry Insights
- The discovery of ShadowLeak comes at a critical time as enterprise adoption of AI continues to grow, with ChatGPT reportedly having 5 million paying business users [4]
- The findings suggest that traditional security tools may not be sufficient to protect against new AI-driven attack vectors, indicating a need for enhanced security measures in the industry [4]
- Radware will host a webinar to discuss the implications of the ShadowLeak vulnerability and best practices for securing AI agents, highlighting the importance of ongoing education in cybersecurity [6]