MULTIMEDIA UPDATE - Radware Uncovers First Zero-Click, Service-Side Vulnerability in ChatGPT
Radware (NASDAQ: RDWR) has discovered "ShadowLeak," the first zero-click, service-side vulnerability in ChatGPT's Deep Research agent. This critical security flaw allows attackers to exfiltrate sensitive data from OpenAI servers without any user interaction or visible signs of compromise.
The vulnerability can be triggered by simply sending an email to a user, with the agent autonomously extracting sensitive data without requiring the victim to view, open, or click the message. The discovery is particularly significant given ChatGPT's 5 million paying business users. Radware disclosed the vulnerability to OpenAI on June 18, 2025, and a fix was implemented by September 3, 2025.
Radware will host a live webinar on October 16, 2025, to discuss the ShadowLeak attack, security best practices, and responsible AI threat research.
Radware (NASDAQ: RDWR) ha individuato "ShadowLeak", la prima vulnerabilità lato servizio senza clic (zero-click) nel Deep Research agent di ChatGPT. Questo grave difetto di sicurezza permette agli aggressori esfiltrare dati sensibili dai server OpenAI senza alcuna interazione dell'utente o segnali visibili di compromissione.
La vulnerabilità può essere attivata semplicemente inviando un'email a un utente, con l'agente che estrae autonomamente dati sensibili senza che la vittima debba visualizzare, aprire o cliccare sul messaggio. La scoperta è particolarmente significativa considerando i 5 milioni di utenti business paganti di ChatGPT. Radware ha comunicato la vulnerabilità a OpenAI il 18 giugno 2025, e una correzione è stata implementata entro il 3 settembre 2025.
Radware terrà un webinar dal vivo il 16 ottobre 2025 per discutere dell'attacco ShadowLeak, delle migliori pratiche di sicurezza e della ricerca responsabile sulle minacce nell'AI.
Radware (NASDAQ: RDWR) ha descubierto "ShadowLeak", la primera vulnerabilidad sin clic en el lado del servicio en el agente Deep Research de ChatGPT. Esta falla de seguridad crítica permite a los atacantes exfiltrar datos sensibles de los servidores de OpenAI sin ninguna interacción del usuario ni señales visibles de compromiso.
La vulnerabilidad puede activarse simplemente enviando un correo electrónico a un usuario, y el agente extrae datos sensibles de forma autónoma sin que la víctima tenga que ver, abrir o hacer clic en el mensaje. Este descubrimiento es especialmente significativo dado que ChatGPT tiene 5 millones de usuarios empresariales de pago. Radware comunicó la vulnerabilidad a OpenAI el 18 de junio de 2025, y se implementó una corrección para el 3 de septiembre de 2025.
Radware organizará un webinar en vivo el 16 de octubre de 2025, para discutir el ataque ShadowLeak, las mejores prácticas de seguridad y la investigación de amenazas de IA responsable.
Radware (NASDAQ: RDWR)가 ChatGPT의 Deep Research 에이전트에서 서비스 측면의 제로 클릭 취약점인 'ShadowLeak'을 발견했습니다. 이 중대한 보안 결함은 공격자가 사용자 상호작용이나 눈에 보이는 침해 흔적 없이 OpenAI 서버에서 민감한 데이터를 탈취할 수 있게 합니다.
이 취약점은 사용자에게 이메일을 단순히 보내는 것으로 트리거될 수 있으며, 에이전트가 피해자가 메시지를 열람하거나 클릭하지 않고도 민감한 데이터를 자동으로 추출합니다. ChatGPT의 5백만 명의 유료 비즈니스 사용자를 고려하면 이 발견은 특히 중요합니다. Radware는 2025년 6월 18일에 OpenAI에 취약점을 공개했고, 2025년 9월 3일까지 수정이 구현되었습니다.
Radware는 2025년 10월 16일 라이브 웨비나를 개최하여 ShadowLeak 공격, 보안 모범 사례 및 책임 있는 AI 위협 연구를 논의할 예정입니다.
Radware (NASDAQ: RDWR) a dû découvrir « ShadowLeak », la première vulnérabilité sans clic côté service dans l’agent Deep Research de ChatGPT. Cette faille de sécurité critique permet aux attaquants de voler des données sensibles des serveurs OpenAI sans interaction utilisateur ni signe apparent de compromission.
La vulnérabilité peut être déclenchée simplement en envoyant un courriel à un utilisateur, l’agent extrayant des données sensibles de manière autonome sans que la victime ait à consulter, ouvrir ou cliquer sur le message. Cette découverte est particulirement significative compte tenu des 5 millions d’utilisateurs détenteurs payants de ChatGPT. Radware a informé OpenAI de la vulnérabilité le 18 juin 2025, et une correction a été mise en place le 3 septembre 2025.
Radware organisera un webinaire en direct le 16 octobre 2025 pour discuter de l’attaque ShadowLeak, des bonnes pratiques de sécurité et de la recherche responsable sur les menaces IA.
Radware (NASDAQ: RDWR) hat „ShadowLeak“ entdeckt, die erste Zero-Click-Sicherheitslücke im Deep-Research-Agent von ChatGPT. Diese kritische Sicherheitslücke ermöglicht Angreifern das Extrahieren sensibler Daten von OpenAI-Servern, ohne dass der Benutzer eingreift oder Anzeichen einer Kompromittierung sichtbar sind.
Die Schwachstelle kann ausgelöst werden, indem einfach eine E-Mail an einen Benutzer gesendet wird, wobei der Agent autonom sensible Daten extrahiert, ohne dass das Opfer die Nachricht ansehen, öffnen oder anklicken muss. Die Entdeckung ist besonders bedeutsam, da ChatGPT 5 Millionen zahlende Geschäftskunden hat. Radware hat die Schwachstelle am 18. Juni 2025 OpenAI mitgeteilt, und eine Behebung wurde bis zum 3. September 2025 implementiert.
Radware wird am 16. Oktober 2025 ein Live-Webinar veranstalten, um den ShadowLeak-Angriff, Sicherheits-Best-Practices und verantwortungsvolle KI-Bedrohungsforschung zu diskutieren.
Radware (نَشْدَاك: RDWR) اكتشفت "ShadowLeak"، أول ثغرة بدون نقرة على جانب الخدمة في وكيل Deep Research لـ ChatGPT. هذه الثغرة الأمنية الحرجة تسمح للمهاجمين بسرقة بيانات حساسة من خوادم OpenAI دون أي تفاعل من المستخدم أو علامات اختراق ظاهرة.
يمكن تشغيل الثغرة ببساطة عن طريق إرسال بريد إلكتروني لمستخدم، حيث يستخرج الوكيل البيانات الحساسة تلقائياً دون أن تحتاج الضحية لعرض الرسالة أو فتحها أو النقر عليها. الاكتشاف مهم بشكل خاص بالنظر إلى وجود خمسة ملايين مستخدم تجاري مدفوع من ChatGPT. قامت Radware بإبلاغ OpenAI بالثغرة في 18 يونيو 2025، وتم تنفيذ الإصلاح بحلول 3 سبتمبر 2025.
ستستضيف Radware ويبيناراً مباشراً في 16 أكتوبر 2025 لمناقشة هجوم ShadowLeak وأفضل ممارسات الأمن وبحوث التهديدات الذكاء الاصطناعي المسؤولة.
Radware (NASDAQ: RDWR) 已发现“ShadowLeak”,这是 ChatGPT 的 Deep Research 代理中的首个零点击、服务端漏洞。此关键安全缺陷使攻击者能够在不需要用户交互或可见妥协痕迹的情况下,从 OpenAI 服务器 窃取敏感数据。
该漏洞仅需向用户发送一封邮件即可触发,代理即可自动提取敏感数据,而无需受害者查看、打开或点击该邮件。考虑到 ChatGPT 拥有的 500 万付费企业用户,此发现尤为重要。Radware 于 2025 年 6 月 18 日将漏洞披露给 OpenAI,修复于 2025 年 9 月 3 日实现。
Radware 将于 2025 年 10 月 16 日 举办现场网络研讨会,讨论 ShadowLeak 攻击、安全最佳实践以及对负责任 AI 威胁研究。
- Successfully identified and helped fix a critical security vulnerability in ChatGPT
- Demonstrates Radware's leadership in AI security research and threat detection
- Reinforces company's position as a key player in cybersecurity innovation
- Reveals significant security vulnerabilities in AI systems that could affect enterprise adoption
- Highlights new attack vectors that bypass traditional security controls
Insights
Radware's discovery of a novel ChatGPT vulnerability strengthens its market position in AI security and demonstrates valuable research capabilities.
Radware's announcement of the ShadowLeak vulnerability represents a significant technical achievement in the cybersecurity space. This zero-click exploit affecting ChatGPT's Deep Research agent operates completely server-side on OpenAI's infrastructure, making it virtually undetectable by traditional security measures. The attack requires no user interaction to exfiltrate sensitive data, functioning autonomously when the AI agent processes a malicious email.
What makes this discovery particularly valuable is that it identifies an entirely new attack vector targeting AI agents - a rapidly growing enterprise technology. With 5 million paying business users on ChatGPT (according to OpenAI's VP of product), the potential security implications are substantial. This positions Radware favorably in several ways:
First, it demonstrates Radware's advanced research capabilities in emerging threat landscapes, particularly in AI security - an increasingly critical domain as enterprises rapidly adopt these technologies. Second, by responsibly disclosing the vulnerability to OpenAI (reported June 18, fixed by September 3), Radware establishes itself as a trusted security partner in the AI ecosystem.
The timing of this discovery aligns perfectly with market trends, as enterprises are increasingly integrating AI agents with sensitive data sources. Radware is leveraging this research through multiple channels - publishing threat advisories, blog content, and hosting educational webinars - which should drive brand visibility and potentially new business opportunities in AI security consulting and solutions.
This discovery reinforces Radware's value proposition as a forward-looking cybersecurity provider that can identify and mitigate threats that traditional security tools miss, particularly in emerging technologies like AI agents.
New ShadowLeak exploit directs ChatGPT’s Deep Research agent to exfiltrate sensitive customer data autonomously, from OpenAI servers
MAHWAH, N.J., Sept. 18, 2025 (GLOBE NEWSWIRE) -- Radware® (NASDAQ: RDWR), a leading provider of cybersecurity and application delivery solutions, today announced the discovery of a previously unknown zero-click vulnerability affecting the ChatGPT Deep Research agent. The flaw, dubbed “ShadowLeak,” allows attackers to exfiltrate sensitive information from users without any clicks, prompts or visible signs of compromise on the network or endpoint.
The vulnerability, which Radware disclosed to OpenAI under responsible disclosure protocols, demonstrates a new class of attack on AI agents as they continue to gain broad enterprise adoption. These fully covert, automated agent exploits bypass traditional security controls. Radware’s Security Research Center (RSRC) successfully demonstrated that an attacker could exploit the vulnerability by simply sending an email to the user. Once the agent interacted with the malicious email, sensitive data was extracted without victims ever viewing, opening or clicking the message.
“This is the quintessential zero-click attack,” said David Aviv, chief technology officer at Radware. “There is no user action required, no visible cue and no way for victims to know their data has been compromised. Everything happens entirely behind the scenes through autonomous agent actions on OpenAI cloud servers.”
With ShadowLeak, Radware researchers Gabi Nakibly, Zvika Babo (co-lead researchers) with contribution from Maor Uziel, discovered the first purely server-side sensitive data leak. Without any user action (zero-click), ChatGPT’s Deep Research agent, executing in the OpenAI cloud, performed the sensitive data exfiltration autonomously from OpenAI servers. Unlike previously disclosed zero-click attacks, ShadowLeak operates independently and leaves no network level evidence, making these threats nearly impossible to detect from the perspective of the ChatGPT business customer.
“Enterprises adopting AI cannot rely on built-in safeguards alone to prevent abuse,” said Pascal Geenens, director of cyber threat intelligence at Radware. “Our research highlights that the combination of AI autonomy, SaaS services and integration with customers’ sensitive data sources introduces an entirely new class of risks. AI-driven workflows can be manipulated in ways not yet anticipated, and these attack vectors often bypass the visibility and detection capabilities of traditional security solutions.”
The research arrives at a pivotal moment for enterprise AI adoption. During an August 2025 CNBC interview, Nick Turley, VP of product for ChatGPT, stated that it has 5 million paying business users on ChatGPT, underscoring the potential scale of exposure. Radware’s findings suggest that enterprises relying solely on vendor mitigations or traditional security tools are leaving themselves exposed to an entirely new class of AI attacks.
For more information review Radware’s latest Threat Advisory and Blog Article: ShadowLeak: A Zero-Click, Service-Side Attack Exfiltrating Sensitive Data Using ChatGPT’s Deep Research Agent.
Radware Webinar on ShadowLeak
Radware will host a live webinar on October 16, 2025, “ShadowLeak: A Deep Dive into the First Zero-Click, Service-Side Vulnerability in ChatGPT.”
Security leaders and AI developers are invited to attend and explore the anatomy of the ShadowLeak attack, best practices for securing AI agents and the future of responsible AI threat research.
Radware conducts this threat research on behalf of the wider cybersecurity community, ensuring security professionals have the same insights as attackers. The complete research, including technical breakdowns and defense recommendations, will be available at Radware’s SRC following the webinar.
Responsible Disclosure
Radware reported the vulnerability to OpenAI on June 18, 2025, under responsible disclosure protocols. OpenAI acknowledged the issue and notified Radware of the fix on September 3, 2025. Radware commends OpenAI’s collaboration and commitment to ecosystem safety. This discovery reinforces Radware’s commitment to cybersecurity by anticipating threats that traditional tools miss and ensuring AI agents operate within safe, secure and trusted boundaries.
About Radware Security Research Center
Radware Security Research Center (RSRC) is the threat research arm of Radware, dedicated to uncovering and responsibly disclosing vulnerabilities in traditional web applications and emerging AI systems. Through leading-edge research and real-world attack simulations, the center helps organizations understand and defend against zero-day and zero-click threats. Visit RSRC to learn more and download the latest Internet of Agents threat research.
About Radware
Radware® (NASDAQ: RDWR) is a global leader in application security and delivery solutions for multi-cloud environments. The company’s cloud application, infrastructure, and API security solutions use AI-driven algorithms for precise, hands-free, real-time protection from the most sophisticated web, application, DDoS attacks, API abuse, and bad bots. Enterprises and carriers worldwide rely on Radware’s solutions to address evolving cybersecurity challenges and protect their brands and business operations while reducing costs. For more information, please visit the Radware website.
Radware encourages you to join our community and follow us on: Facebook, LinkedIn, Radware Blog, X, and YouTube.
©2025 Radware Ltd. All rights reserved. Any Radware products and solutions mentioned in this press release are protected by trademarks, patents, and pending patent applications of Radware in the U.S. and other countries. For more details, please see: https://www.radware.com/LegalNotice/. All other trademarks and names are property of their respective owners.
Radware believes the information in this document is accurate in all material respects as of its publication date. However, the information is provided without any express, statutory, or implied warranties and is subject to change without notice.
The contents of any website or hyperlinks mentioned in this press release are for informational purposes and the contents thereof are not part of this press release.
Safe Harbor Statement
This press release includes “forward-looking statements” within the meaning of the Private Securities Litigation Reform Act of 1995. Any statements made herein that are not statements of historical fact, including statements about Radware’s plans, outlook, beliefs, or opinions, are forward-looking statements. Generally, forward-looking statements may be identified by words such as “believes,” “expects,” “anticipates,” “intends,” “estimates,” “plans,” and similar expressions or future or conditional verbs such as “will,” “should,” “would,” “may,” and “could.” For example, when we say in this press release that findings suggest that enterprises relying solely on vendor mitigations or traditional security tools are leaving themselves exposed to an entirely new class of attacks, we are using forward-looking statements. Because such statements deal with future events, they are subject to various risks and uncertainties, and actual results, expressed or implied by such forward-looking statements, could differ materially from Radware’s current forecasts and estimates. Factors that could cause or contribute to such differences include, but are not limited to: the impact of global economic conditions, including as a result of the state of war declared in Israel in October 2023 and instability in the Middle East, the war in Ukraine, tensions between China and Taiwan, financial and credit market fluctuations (including elevated interest rates), impacts from tariffs or other trade restrictions, inflation, and the potential for regional or global recessions; our dependence on independent distributors to sell our products; our ability to manage our anticipated growth effectively; our business may be affected by sanctions, export controls, and similar measures, targeting Russia and other countries and territories, as well as other responses to Russia’s military conflict in Ukraine, including indefinite suspension of operations in Russia and dealings with Russian entities by many multi-national businesses across a variety of industries; the ability of vendors to provide our hardware platforms and components for the manufacture of our products; our ability to attract, train, and retain highly qualified personnel; intense competition in the market for cybersecurity and application delivery solutions and in our industry in general, and changes in the competitive landscape; our ability to develop new solutions and enhance existing solutions; the impact to our reputation and business in the event of real or perceived shortcomings, defects, or vulnerabilities in our solutions, if our end-users experience security breaches, or if our information technology systems and data, or those of our service providers and other contractors, are compromised by cyber-attackers or other malicious actors or by a critical system failure; our use of AI technologies that present regulatory, litigation, and reputational risks; risks related to the fact that our products must interoperate with operating systems, software applications and hardware that are developed by others; outages, interruptions, or delays in hosting services; the risks associated with our global operations, such as difficulties and costs of staffing and managing foreign operations, compliance costs arising from host country laws or regulations, partial or total expropriation, export duties and quotas, local tax exposure, economic or political instability, including as a result of insurrection, war, natural disasters, and major environmental, climate, or public health concerns; our net losses in the past and the possibility that we may incur losses in the future; a slowdown in the growth of the cybersecurity and application delivery solutions market or in the development of the market for our cloud-based solutions; long sales cycles for our solutions; risks and uncertainties relating to acquisitions or other investments; risks associated with doing business in countries with a history of corruption or with foreign governments; changes in foreign currency exchange rates; risks associated with undetected defects or errors in our products; our ability to protect our proprietary technology; intellectual property infringement claims made by third parties; laws, regulations, and industry standards affecting our business; compliance with open source and third-party licenses; complications with the design or implementation of our new enterprise resource planning (“ERP”) system; our reliance on information technology systems; our ESG disclosures and initiatives; and other factors and risks over which we may have little or no control. This list is intended to identify only certain of the principal factors that could cause actual results to differ. For a more detailed description of the risks and uncertainties affecting Radware, refer to Radware’s Annual Report on Form 20-F, filed with the Securities and Exchange Commission (SEC), and the other risk factors discussed from time to time by Radware in reports filed with, or furnished to, the SEC. Forward-looking statements speak only as of the date on which they are made and, except as required by applicable law, Radware undertakes no commitment to revise or update any forward-looking statement in order to reflect events or circumstances after the date any such statement is made. Radware’s public filings are available from the SEC’s website at www.sec.gov or may be obtained on Radware’s website at www.radware.com.
Media Contacts:
Elyse Familant
ResultsPR
elysef@resultspr.net
Gina Sorice
Radware
GinaSo@radware.com
A photo accompanying this announcement is available at https://www.globenewswire.com/NewsRoom/AttachmentNg/430738fc-fb4e-431a-9308-daebfd592046
FAQ
What is the ShadowLeak vulnerability discovered by Radware (RDWR) in ChatGPT?
How does the ShadowLeak vulnerability in ChatGPT work?
When did Radware discover and report the ChatGPT vulnerability?
How many business users could be affected by the ChatGPT vulnerability?
When is Radware's webinar about the ShadowLeak vulnerability?
