Zero-Click Vulnerability in ChatGPT's Agent Enables Silent Gmail Data Theft
Researchers at Radware found a zero-click flaw in ChatGPT Deep Research agent when connected to Gmail and browsing
Explore the intersection of AI and cybersecurity. Stay informed on AI-driven security trends, tools, and threats in the ever-evolving digital landscape.
Search across headline titles and summaries.
Background for this topic.
Artificial intelligence (AI) describes computer systems that perform tasks such as recognizing patterns, making predictions, understanding language, or generating content. In security reporting, the term commonly includes machine-learning models used for detection and analysis, as well as generative AI applications that produce text, code, images, or other outputs.
AI can help analyze security telemetry, prioritize vulnerabilities, and support investigations, but its outputs can be wrong or manipulated. Important attack surfaces include prompt injection that steers an application into unintended actions, sensitive data being exposed through prompts or model outputs, and excessive permissions granted to AI systems that use external tools. Models can also be degraded by poisoned training data or evaded with carefully crafted inputs. Practitioners should protect training and operational data, limit model access and tool permissions, test for adversarial behavior, and require appropriate human validation before high-impact decisions.
Researchers at Radware found a zero-click flaw in ChatGPT Deep Research agent when connected to Gmail and browsing
Trend Micro said the use of AI platforms to create and host fake CAPTCHA pages helps attackers develop more sophisticated phishing campaigns at scale and speed
New IO research reveals a surge in AI attacks attempting to corrupt underlying training data
AI-native Villager, which automates Kali and DeepSeek penetration tests, has reached 11,000 PyPI downloads fueling dual-use threat
Thales claims there were over 40,000 API incidents in the first half of 2025
Genians observed the Kimsuky group impersonate a defense institution in a spear-phishing attack, leveraging ChatGPT to create fake military ID cards