
"The attack, dubbed ShadowLeak, targeted ChatGPT's Deep Research capability, which is designed to conduct multi-step research for complex tasks. OpenAI neutralized ShadowLeak after it was notified by Radware. The ShadowLeak attack did not require any user interaction. The attacker simply needed to send a specially crafted email that when processed by the Deep Research agent would instruct it to silently collect valuable data and send it back to the attacker."
"However, unlike many other indirect prompt injection attacks, ShadowLeak did not involve the ChatGPT client. Several cybersecurity companies recently demonstrated theoretical attacks in which the attacker leverages the integration between AI assistants and enterprise tools to silently exfiltrate user data with no or minimal victim interaction. Radware mentions Zenity's AgentFlayer and Aim Security's EchoLeak attacks. However, the company highlighted that those are client-side attacks, while ShadowLeak involves the server side."
"Unlike client-side attacks, ShadowLeak exfiltrates data through the parameters of a request to an attacker-controlled URL. A harmless-looking URL such as 'hr-service.net/{parameters}', where the parameter value is the exfiltrated information, has been provided as an example by Radware. 'It's important to note that the web request is performed by the agent executing in OpenAI's cloud infrastructure, causing the leak to originate directly from OpenAI's servers,' Radware pointed out, noting that the attack leaves
Radware discovered ShadowLeak, a server-side data theft technique targeting ChatGPT's Deep Research capability, which carries out multi-step research for complex tasks. The attack required no user interaction: the victim only had to receive a specially crafted email containing hidden instructions. When Deep Research processed that email, the agent could silently collect valuable information and send it to an attacker-controlled URL, with the data carried in the request parameters. The technique differs from client-side prompt injection attacks in that the request is made by the agent running in OpenAI's cloud infrastructure, so the leak originates from OpenAI's servers rather than from the victim's client. OpenAI neutralized ShadowLeak after being notified by Radware. Related client-side proofs of concept include Zenity's AgentFlayer and Aim Security's EchoLeak.
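As an added defensive example (not code from the article, Radware or OpenAI), the following Python guard shows the kind of egress check an agent runtime could apply to each outbound fetch before performing it: it blocks hosts outside an allowlist and flags path or query values that look like embedded data, which is the channel the article describes. The allowlist, thresholds and sample URLs are constructed assumptions.

```python
import math
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Constructed allowlist: the only hosts this agent may fetch on its own.
ALLOWED_HOSTS = {"intranet.example.com", "docs.example.com"}
MAX_VALUE_LEN = 64       # longer path/query values are treated as payloads
MIN_ENTROPY_LEN = 20     # entropy is only meaningful on values this long or longer
ENTROPY_THRESHOLD = 4.0  # bits per character; encoded blobs sit above this

def shannon_entropy(text: str) -> float:
    """Bits of entropy per character of `text` (0.0 for empty input)."""
    if not text:
        return 0.0
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def looks_like_payload(value: str) -> bool:
    """Heuristic: a value that is unusually long or unusually random."""
    if len(value) > MAX_VALUE_LEN:
        return True
    return len(value) >= MIN_ENTROPY_LEN and shannon_entropy(value) > ENTROPY_THRESHOLD

def check_agent_request(url: str, allowed_hosts=ALLOWED_HOSTS) -> tuple:
    """Return ("allow", reason) or ("block", reason) for an agent-initiated fetch."""
    # The article's example URL has no scheme; normalise so urlsplit finds the host.
    if "://" not in url:
        url = "https://" + url
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host not in allowed_hosts:
        return ("block", f"host '{host}' is not on the egress allowlist")
    # Inspect both path segments and query values: either can carry the data.
    candidates = [seg for seg in parts.path.split("/") if seg]
    candidates += [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
    for value in candidates:
        if looks_like_payload(value):
            return ("block", f"value '{value[:16]}...' looks like an exfiltration payload")
    return ("allow", "host allowlisted and no payload-like values")

if __name__ == "__main__":
    # Constructed sample requests an agent might emit while processing an email.
    for u in ["https://intranet.example.com/search?q=quarterly+report",
              "hr-service.net/" + "c2FsYXJ5PTEyMDAwMDtzc249MTIzLTQ1LTY3ODk" * 2,
              "https://docs.example.com/page?token=" + "Zm9vYmFy" * 12]:
        print(u[:60], "->", check_agent_request(u))
```

A real deployment would log the blocked request with the email or tool call that triggered it, since that record is what an analyst needs to find the injected instructions.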
Read at SecurityWeek