0-Click ChatGPT Agent Flaw Exposes Gmail Data to Attackers
Researchers have discovered a critical zero-click vulnerability in ChatGPT’s Deep Research agent that allows attackers to silently steal sensitive Gmail data without any user interaction.
This sophisticated attack leverages service-side exfiltration techniques, making it invisible to traditional security defenses and representing a significant escalation in AI agent security threats.
The Silent Data Theft Mechanism
According to a report, the vulnerability exploits ChatGPT’s Deep Research agent, an autonomous research tool that can browse websites and access connected services like Gmail to generate comprehensive reports.
Unlike previous client-side attacks that relied on users viewing malicious content, this flaw operates entirely within OpenAI’s cloud infrastructure, making detection nearly impossible.
[Figure: diagram illustrating the flow of requests and data between client, server, and database, highlighting server-side HTML response and client-side JavaScript fetching data]
The attack begins when a cybercriminal sends a seemingly innocent email containing hidden HTML instructions using techniques like tiny ...
Copyright of this story solely belongs to gbhackers.