Radware identifies "ShadowLeak," a zero-click vulnerability in ChatGPT's Deep Research agent, allowing covert data exfiltration without user interaction.
Quiver AI Summary
Radware announced the discovery of a new zero-click vulnerability called "ShadowLeak," which impacts the ChatGPT Deep Research agent, allowing attackers to siphon off sensitive data without any user interaction or visible signs of compromise. This flaw was responsibly disclosed to OpenAI and represents a new category of AI vulnerabilities, as it enables covert data exfiltration simply by sending a malicious email that the ChatGPT agent processes automatically. Radware's research highlights the inherent risks as enterprises increasingly adopt AI technologies, suggesting that reliance on traditional security measures alone may leave them vulnerable to these complex threats. A webinar will be held on October 16, 2025, to discuss the implications of the ShadowLeak vulnerability and best practices for securing AI agents.
Potential Positives
- Radware discovered a significant zero-click vulnerability, "ShadowLeak," demonstrating expertise in identifying emerging threats in AI and cybersecurity.
- The responsible disclosure to OpenAI highlights Radware's commitment to collaboration and ecosystem safety, enhancing its reputation in the cybersecurity community.
- The findings underline the necessity for businesses relying on AI to adopt more comprehensive security measures, positioning Radware as a thought leader in addressing modern security challenges.
- Radware will host a webinar to educate stakeholders about the vulnerability, reinforcing its role as a resource for the cybersecurity community and promoting its expertise.
Potential Negatives
- The discovery of the “ShadowLeak” vulnerability may undermine trust in Radware's cybersecurity solutions, as it exposes a significant flaw in a widely used AI application, which could lead clients to question the effectiveness of their existing security measures.
- The lack of user action required for the exploit makes it a stark reminder of the limitations of traditional security infrastructures, potentially leading to increased scrutiny and concern among enterprise customers about their reliance on Radware's technology.
- As organizations grapple with the implications of this vulnerability, Radware may face pressure to quickly develop more robust solutions to prevent future incidents, potentially straining resources and impacting their reputation if they do not respond adequately.
FAQ
What is the ShadowLeak vulnerability?
The ShadowLeak vulnerability is a zero-click flaw in ChatGPT's Deep Research agent that allows data exfiltration without user action.
How does ShadowLeak affect enterprise security?
This vulnerability bypasses traditional security measures, posing risks to enterprises relying solely on existing security protocols.
What did Radware discover about the vulnerability?
Radware found that ShadowLeak enables covert data theft by simply sending an email, with no visible signs of compromise.
When is the Radware webinar on ShadowLeak?
The webinar titled "ShadowLeak: A Deep Dive into the First Zero-Click, Service-Side Vulnerability" is scheduled for October 16, 2025.
How did Radware report the vulnerability to OpenAI?
Radware disclosed the vulnerability to OpenAI on June 18, 2025, following responsible disclosure protocols, and a fix was acknowledged on September 3.
Disclaimer: This is an AI-generated summary of a press release distributed by GlobeNewswire. The model used to summarize this release may make mistakes. See the full release here.
$RDWR Hedge Fund Activity
We have seen 45 institutional investors add shares of $RDWR stock to their portfolio, and 84 decrease their positions in their most recent quarter.
Here are some of the largest recent moves:
- PENSERRA CAPITAL MANAGEMENT LLC added 2,885,913 shares (+inf%) to their portfolio in Q2 2025, for an estimated $84,961,278
- ARTISAN PARTNERS LIMITED PARTNERSHIP added 556,551 shares (+26.0%) to their portfolio in Q2 2025, for an estimated $16,384,861
- HIGHTOWER ADVISORS, LLC removed 455,968 shares (-93.7%) from their portfolio in Q2 2025, for an estimated $13,423,697
- LEGAL & GENERAL GROUP PLC added 445,593 shares (+18.7%) to their portfolio in Q2 2025, for an estimated $13,118,257
- PHOENIX FINANCIAL LTD. removed 436,668 shares (-79.9%) from their portfolio in Q2 2025, for an estimated $12,855,505
- MORGAN STANLEY removed 435,758 shares (-16.2%) from their portfolio in Q2 2025, for an estimated $12,828,715
- CITADEL ADVISORS LLC removed 235,481 shares (-84.2%) from their portfolio in Q2 2025, for an estimated $6,932,560
To track hedge funds' stock portfolios, check out Quiver Quantitative's institutional holdings dashboard.
$RDWR Analyst Ratings
Wall Street analysts have issued reports on $RDWR in the last several months. We have seen 1 firms issue buy ratings on the stock, and 0 firms issue sell ratings.
Here are some recent analyst ratings:
- Barclays issued a "Overweight" rating on 07/31/2025
To track analyst ratings and price targets for $RDWR, check out Quiver Quantitative's $RDWR forecast page.
$RDWR Price Targets
Multiple analysts have issued price targets for $RDWR recently. We have seen 2 analysts offer price targets for $RDWR in the last 6 months, with a median target of $32.5.
Here are some recent targets:
- Tavy Rosner from Barclays set a target price of $35.0 on 07/31/2025
- Joseph Gallo from Jefferies set a target price of $30.0 on 07/24/2025
Full Release
MAHWAH, N.J., Sept. 18, 2025 (GLOBE NEWSWIRE) -- Radware ® (NASDAQ: RDWR), a leading provider of cybersecurity and application delivery solutions, today announced the discovery of a previously unknown zero-click vulnerability affecting the ChatGPT Deep Research agent. The flaw, dubbed “ShadowLeak,” allows attackers to exfiltrate sensitive information from users without any clicks, prompts or visible signs of compromise on the network or endpoint.
The vulnerability, which Radware disclosed to OpenAI under responsible disclosure protocols, demonstrates a new class of attack on AI agents as they continue to gain broad enterprise adoption. These fully covert, automated agent exploits bypass traditional security controls. Radware’s Security Research Center (RSRC) successfully demonstrated that an attacker could exploit the vulnerability by simply sending an email to the user. Once the agent interacted with the malicious email, sensitive data was extracted without victims ever viewing, opening or clicking the message.
“This is the quintessential zero-click attack,” said David Aviv, chief technology officer at Radware. “There is no user action required, no visible cue and no way for victims to know their data has been compromised. Everything happens entirely behind the scenes through autonomous agent actions on OpenAI cloud servers.”
With ShadowLeak, Radware researchers Gabi Nakibly, Zvika Babo (co-lead researchers) with contribution from Maor Uziel, discovered the first purely server-side sensitive data leak. Without any user action (zero-click), ChatGPT’s Deep Research agent, executing in the OpenAI cloud, performed the sensitive data exfiltration autonomously from OpenAI servers. Unlike previously disclosed zero-click attacks, ShadowLeak operates independently and leaves no network level evidence, making these threats nearly impossible to detect from the perspective of the ChatGPT business customer.
“Enterprises adopting AI cannot rely on built-in safeguards alone to prevent abuse,” said Pascal Geenens, director of cyber threat intelligence at Radware. “Our research highlights that the combination of AI autonomy, SaaS services and integration with customers’ sensitive data sources introduces an entirely new class of risks. AI-driven workflows can be manipulated in ways not yet anticipated, and these attack vectors often bypass the visibility and detection capabilities of traditional security solutions.”
The research arrives at a pivotal moment for enterprise AI adoption. During an August 2025 CNBC interview, Nick Turley, VP of product for ChatGPT, stated that it has 5 million paying business users on ChatGPT, underscoring the potential scale of exposure. Radware’s findings suggest that enterprises relying solely on vendor mitigations or traditional security tools are leaving themselves exposed to an entirely new class of AI attacks.
For more information review Radware’s latest Threat A dvisory and Blog Article: ShadowLeak: A Zero-Click, Service-Side Attack Exfiltrating Sensitive Data Using ChatGPT’s Deep Research Agent.
Radware Webinar on ShadowLeak
Radware will host a live webinar on October 16, 2025,
“ShadowLeak: A Deep Dive into the First Zero-Click, Service-Side Vulnerability in ChatGPT.”
Security leaders and AI developers are invited to attend and explore the anatomy of the ShadowLeak attack, best practices for securing AI agents and the future of responsible AI threat research.
Radware conducts this threat research on behalf of the wider cybersecurity community, ensuring security professionals have the same insights as attackers. The complete research, including technical breakdowns and defense recommendations, will be available at Radware’s SRC following the webinar.
Responsible Disclosure
Radware reported the vulnerability to OpenAI on June 18, 2025, under responsible disclosure protocols. OpenAI acknowledged the issue and notified Radware of the fix on September 3, 2025. Radware commends OpenAI’s collaboration and commitment to ecosystem safety. This discovery reinforces Radware’s commitment to cybersecurity by anticipating threats that traditional tools miss and ensuring AI agents operate within safe, secure and trusted boundaries.
About Radware Security Research Center
Radware Security Research Center (RSRC) is the threat research arm of Radware, dedicated to uncovering and responsibly disclosing vulnerabilities in traditional web applications and emerging AI systems. Through leading-edge research and real-world attack simulations, the center helps organizations understand and defend against zero-day and zero-click threats. Visit
RSRC
to learn more and download the latest
Internet of Agents
threat research.
About Radware
Radware
®
(NASDAQ: RDWR) is a global leader in application security and delivery solutions for multi-cloud environments. The company’s cloud application, infrastructure, and API security solutions use AI-driven algorithms for precise, hands-free, real-time protection from the most sophisticated web, application, DDoS attacks, API abuse, and bad bots. Enterprises and carriers worldwide rely on Radware’s solutions to address evolving cybersecurity challenges and protect their brands and business operations while reducing costs. For more information, please visit the
Radware
website.
Radware encourages you to join our community and follow us on: Facebook , LinkedIn , Radware Blog , X , and YouTube .
©2025 Radware Ltd. All rights reserved. Any Radware products and solutions mentioned in this press release are protected by trademarks, patents, and pending patent applications of Radware in the U.S. and other countries. For more details, please see: https://www.radware.com/LegalNotice/ . All other trademarks and names are property of their respective owners.
Radware believes the information in this document is accurate in all material respects as of its publication date. However, the information is provided without any express, statutory, or implied warranties and is subject to change without notice.
The contents of any website or hyperlinks mentioned in this press release are for informational purposes and the contents thereof are not part of this press release.
Safe Harbor Statement
This press release includes “forward-looking statements” within the meaning of the Private Securities Litigation Reform Act of 1995. Any statements made herein that are not statements of historical fact, including statements about Radware’s plans, outlook, beliefs, or opinions, are forward-looking statements. Generally, forward-looking statements may be identified by words such as “believes,” “expects,” “anticipates,” “intends,” “estimates,” “plans,” and similar expressions or future or conditional verbs such as “will,” “should,” “would,” “may,” and “could.” For example, when we say in this press release that findings suggest that enterprises relying solely on vendor mitigations or traditional security tools are leaving themselves exposed to an entirely new class of attacks, we are using forward-looking statements. Because such statements deal with future events, they are subject to various risks and uncertainties, and actual results, expressed or implied by such forward-looking statements, could differ materially from Radware’s current forecasts and estimates. Factors that could cause or contribute to such differences include, but are not limited to: the impact of global economic conditions, including as a result of the state of war declared in Israel in October 2023 and instability in the Middle East, the war in Ukraine, tensions between China and Taiwan, financial and credit market fluctuations (including elevated interest rates), impacts from tariffs or other trade restrictions, inflation, and the potential for regional or global recessions; our dependence on independent distributors to sell our products; our ability to manage our anticipated growth effectively; our business may be affected by sanctions, export controls, and similar measures, targeting Russia and other countries and territories, as well as other responses to Russia’s military conflict in Ukraine, including indefinite suspension of operations in Russia and dealings with Russian entities by many multi-national businesses across a variety of industries; the ability of vendors to provide our hardware platforms and components for the manufacture of our products; our ability to attract, train, and retain highly qualified personnel; intense competition in the market for cybersecurity and application delivery solutions and in our industry in general, and changes in the competitive landscape; our ability to develop new solutions and enhance existing solutions; the impact to our reputation and business in the event of real or perceived shortcomings, defects, or vulnerabilities in our solutions, if our end-users experience security breaches, or if our information technology systems and data, or those of our service providers and other contractors, are compromised by cyber-attackers or other malicious actors or by a critical system failure; our use of AI technologies that present regulatory, litigation, and reputational risks; risks related to the fact that our products must interoperate with operating systems, software applications and hardware that are developed by others; outages, interruptions, or delays in hosting services; the risks associated with our global operations, such as difficulties and costs of staffing and managing foreign operations, compliance costs arising from host country laws or regulations, partial or total expropriation, export duties and quotas, local tax exposure, economic or political instability, including as a result of insurrection, war, natural disasters, and major environmental, climate, or public health concerns; our net losses in the past and the possibility that we may incur losses in the future; a slowdown in the growth of the cybersecurity and application delivery solutions market or in the development of the market for our cloud-based solutions; long sales cycles for our solutions; risks and uncertainties relating to acquisitions or other investments; risks associated with doing business in countries with a history of corruption or with foreign governments; changes in foreign currency exchange rates; risks associated with undetected defects or errors in our products; our ability to protect our proprietary technology; intellectual property infringement claims made by third parties; laws, regulations, and industry standards affecting our business; compliance with open source and third-party licenses; complications with the design or implementation of our new enterprise resource planning (“ERP”) system; our reliance on information technology systems; our ESG disclosures and initiatives; and other factors and risks over which we may have little or no control. This list is intended to identify only certain of the principal factors that could cause actual results to differ. For a more detailed description of the risks and uncertainties affecting Radware, refer to Radware’s Annual Report on Form 20-F, filed with the Securities and Exchange Commission (SEC), and the other risk factors discussed from time to time by Radware in reports filed with, or furnished to, the SEC. Forward-looking statements speak only as of the date on which they are made and, except as required by applicable law, Radware undertakes no commitment to revise or update any forward-looking statement in order to reflect events or circumstances after the date any such statement is made. Radware’s public filings are available from the SEC’s website at
www.sec.gov
or may be obtained on Radware’s website at
www.radware.com
.
Media Contacts:
Elyse Familant
ResultsPR
[email protected]
Gina Sorice
Radware
[email protected]