OpenAI patched a ChatGPT security flaw that could have allowed hackers to extract Gmail data from its users, according to researchers at cyber firm Radware.
The issue was found in ChatGPT’s Deep Research agent, a tool launched in February to help users analyze large troves of information. The vulnerability could have enabled attackers to siphon sensitive data from corporate or personal Gmail accounts, according to the findings. ChatGPT users who linked their Gmail accounts to the service may have unknowingly exposed their data to hackers, Radware researchers said.
The Deep Research tool from OpenAI is designed to more comprehensively conduct online research on users’ behalf and quickly answer complex questions. It can also connect to users’ Gmail accounts if they authorize it. Deep Research is available to ChatGPT users who pay an extra fee and marked an expansion of the company’s AI agents, or tools designed to carry out tasks with limited human intervention
Radware uncovered the vulnerability, and researchers said there was no evidence that attackers had exploited it.
OpenAI told Radware it fixed the flaw on September 3.
An OpenAI spokesperson said the safety of its models was important to the company, and it is continually improving standards to make its technology more robust against such exploits.
“Researchers often test these systems in adversarial ways, and we welcome their research as it helps us improve,” the spokesperson said.
While hackers have recently deployed AI tools to conduct their own attacks, the Radware findings mark a relatively rare example of the way that emerging AI agents themselves can be exploited to steal their users’ information.
To demonstrate the vulnerability, researchers sent an email to themselves with hidden instructions that told the Deep Research agent to search that inbox for personal information such as full names and addresses. The Radware team then instructed the AI agent to send that data to a web address under their control.
Pascal Geenens, Radware’s director of threat research, said that the intended target of the data theft wouldn’t have needed to click on anything in order for attackers to compromise their data.
“If a corporate account was compromised, the company wouldn’t even know information was leaving,” he said.
Was this article valuable?
Here are more articles you may enjoy.
Two High-Profile Personal Injury Law Firms Sue… Each Other 
Trump Sues The New York Times for Defamation and Libel, Seeks $15 Billion 
Tesla Settles Another Fatal Crash Lawsuit Ahead of Jury Trial 
Texas Insurer New Century Placed in Receivership and Liquidation 
