Exploiting ChatGPT Deep Research Agent
2025-09-18 20:17:51.944377+02 by Dan Lyke 0 comments
ShadowLeak: A Zero-Click, Service-Side Attack Exfiltrating Sensitive Data Using ChatGPT’s Deep Research Agent. If a user has given ChatGPT's "Deep Research Agent" access to their Gmail inbox and to external websites, crafting an email that causes information from other emails to be exfiltrated via access to external sites...
The Winning Strategy: Encoding the PII - Our final and successful strategy was to instruct the agent to encode the extracted PII into Base64 before appending it to the URL. We framed this action as a necessary security measure to protect the data during transmission.
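The defender-side counterpart to the quoted passage, as an added example that is not code from this post or from the quoted report: an egress check for an agent's outbound URL fetches that decodes plausible Base64 query values and flags any that contain an email address, since encoding the PII only changes its representation, not its presence. The hostname, parameter name and sample PII below are constructed placeholders.

```python
import base64
import re
from urllib.parse import quote, unquote

# Constructed sample fetches: the first mimics a URL carrying Base64-encoded
# PII in a query parameter, the second is an ordinary benign fetch.
# "example.invalid" and the parameter name "q" are placeholders.
SAMPLE_URLS = [
    "https://example.invalid/lookup?q="
    + quote(base64.b64encode(b"Jane Doe, jane.doe@example.com").decode()),
    "https://example.invalid/docs?page=3",
]

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Plausible Base64 / Base64url token: alphabet only, long enough to carry data.
B64_RE = re.compile(r"^[A-Za-z0-9+/=_-]{16,}$")


def _try_b64(value):
    """Return decoded UTF-8 text if value is plausible Base64, else None."""
    if not B64_RE.match(value):
        return None
    padded = value + "=" * (-len(value) % 4)  # tolerate stripped padding
    try:
        # urlsafe variant also accepts the standard '+' and '/' alphabet.
        return base64.urlsafe_b64decode(padded).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None


def find_encoded_pii(url):
    """Return [(param, decoded_text)] for query values that decode to text
    containing an email address. The query is split by hand so a literal
    '+' in a Base64 value is not turned into a space as parse_qs would."""
    query = url.partition("?")[2].partition("#")[0]
    hits = []
    for pair in filter(None, query.split("&")):
        param, _, raw = pair.partition("=")
        decoded = _try_b64(unquote(raw))
        if decoded and EMAIL_RE.search(decoded):
            hits.append((unquote(param), decoded))
    return hits


def should_block(url):
    """Policy hook: refuse the fetch when encoded PII is found in the URL."""
    return bool(find_encoded_pii(url))


if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print("BLOCK" if should_block(u) else "allow", u, find_encoded_pii(u))
```

A real deployment would extend the decoded-content check beyond email addresses (names, phone numbers, account identifiers drawn from the mailbox) and apply it to request bodies and path segments as well as query strings.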