Zero-click attack

MULTIMEDIA UPDATE - Radware Uncovers First Zero-Click, Service-Side Vulnerability in ChatGPT
Globenewswire· 2025-09-18 18:00
Core Insights
- Radware has discovered a zero-click vulnerability named "ShadowLeak" affecting the ChatGPT Deep Research agent, allowing attackers to exfiltrate sensitive information without any user interaction [1][2][3]
- This vulnerability represents a new class of attack on AI agents, which can bypass traditional security measures and operate covertly [2][4]

Company Insights
- Radware disclosed the vulnerability to OpenAI under responsible disclosure protocols, highlighting the importance of collaboration in cybersecurity [2][8]
- The research emphasizes that enterprises adopting AI must not solely rely on built-in safeguards, as the integration of AI with sensitive data sources introduces new risks [4][8]
- Radware's Security Research Center (RSRC) aims to provide insights into vulnerabilities and threats, ensuring that security professionals are informed about potential risks [7][10]

Industry Insights
- The discovery of ShadowLeak comes at a critical time for enterprise AI adoption, with ChatGPT reportedly having 5 million paying business users, indicating a significant potential exposure to such vulnerabilities [4]
- The findings suggest that traditional security tools may not be sufficient to protect against emerging AI-driven attack vectors, necessitating a reevaluation of security strategies [4][8]

Radware Uncovers First Zero-Click, Service-Side Vulnerability in ChatGPT
Globenewswire· 2025-09-18 14:30
Core Insights
- Radware has discovered a zero-click vulnerability named "ShadowLeak" affecting the ChatGPT Deep Research agent, allowing attackers to exfiltrate sensitive data without user interaction [1][2][3]
- This vulnerability represents a new class of attack on AI agents, which can bypass traditional security measures and operate covertly [2][4]
- The research highlights the risks associated with AI autonomy and integration with sensitive data sources, emphasizing that enterprises cannot solely rely on built-in safeguards [4]

Company Insights
- Radware is a leading provider of cybersecurity and application delivery solutions, focusing on uncovering vulnerabilities in both traditional web applications and emerging AI systems [9][10]
- The company has committed to responsible disclosure protocols, having reported the vulnerability to OpenAI and collaborated on a fix [8]
- Radware's Security Research Center (RSRC) aims to provide insights into zero-day and zero-click threats, helping organizations defend against emerging cybersecurity challenges [9]

Industry Insights
- The discovery of ShadowLeak comes at a critical time as enterprise adoption of AI continues to grow, with ChatGPT reportedly having 5 million paying business users [4]
- The findings suggest that traditional security tools may not be sufficient to protect against new AI-driven attack vectors, indicating a need for enhanced security measures in the industry [4]
- Radware will host a webinar to discuss the implications of the ShadowLeak vulnerability and best practices for securing AI agents, highlighting the importance of ongoing education in cybersecurity [6]