ShadowLeak: The First Service-Side Leaking, Zero-click Indirect Prompt Injection Vulnerability

Precautionary Advisory: ShadowLeak Vulnerability in AI Assistant Radware has disclosed a critical zero-click vulnerability called ShadowLeak, affecting AI assistants like ChatGPT when connected to enterprise systems (e.g., Gmail, web browsing). This exploit enables attackers to exfiltrate (extract) sensitive data – such as (Personally Identifiable Information (PII), Protected Health Information (PHI), legal strategy, or credentials – […]