Cybersecurity researchers have identified a zero-click vulnerability in OpenAI ChatGPT’s Deep Research agent, termed ShadowLeak, which enables attackers to access sensitive Gmail inbox data via a specially crafted email without user interaction. Following responsible disclosure on June 18, 2025, OpenAI addressed the issue by August of the same year.
