
ShadowLeak zero-click flaw allowing AI agent to steal Gmail data
URGENT: “ShadowLeak” Zero-Click Flaw Lets AI Agent Silently Steal Your Gmail Data
KATHMANDU, September 22, 2025 – A newly discovered and highly sophisticated zero-click vulnerability, dubbed “ShadowLeak,” is reportedly being exploited to steal data from Gmail accounts on both Android and iOS devices. Cybersecurity researchers are raising alarms about the novel attack method, which leverages a weaponized AI agent, described as a “ChatGPT Deep Research Agent,” to carry out the attacks silently and without any user interaction.
This is not a phishing attack where you have to click a link. The “zero-click” nature of ShadowLeak means an attacker can gain access to your email data simply by sending a specially crafted email to your address. The user does not need to open the email, click on any links, or download any attachments for the attack to be successful, making it exceptionally dangerous.
What is ShadowLeak?
According to preliminary reports from cybersecurity firms, ShadowLeak (CVE-2025-53351) is a critical vulnerability in a widely used system library that email clients, including Gmail, use to render rich content like images and embedded media. The flaw allows for arbitrary code execution when a malformed data object is processed by the library.
Because modern email apps automatically pre-load or render parts of an email to show a preview in your inbox, the vulnerability can be triggered before you even open the message.
The “ChatGPT Deep Research Agent”: AI as a Weapon
What makes this attack particularly insidious is the involvement of a custom-built AI. Threat actors are reportedly using a sophisticated, private version of an OpenAI-like language model, which they call a “ChatGPT Deep Research Agent.”
This AI’s role is to act as the spearhead of the attack. It autonomously scours the public internet for information about its target, then crafts a highly personalized and legitimate-looking email—such as a plausible marketing newsletter, a shipping notification, or a project update from a colleague. This allows the email to bypass even the most advanced spam and threat detection filters. Buried within the email’s code is the invisible, malformed content that exploits the ShadowLeak vulnerability.
The Attack Chain:
- The AI agent crafts a hyper-realistic, personalized email and sends it to the target’s Gmail address.
- The Gmail app on the user’s phone attempts to render a preview of the email in the inbox list.
- As it processes the hidden malicious content, the ShadowLeak zero-click flaw is triggered.
- The exploit creates a covert channel, allowing the attacker to exfiltrate the user’s email data, including contacts, attachments, and private conversations, without leaving an obvious trace.
What You Need to Do Right Now
While Google and Apple are undoubtedly racing to develop a patch, the threat is active. For users in Nepal, here are the immediate recommended steps:
- Await an Emergency Update: Keep a close watch for an emergency operating system (OS) update from Google (Android) and Apple (iOS). Install it the moment it becomes available. This is your most critical defense.
- Temporarily Disable Automatic Image Loading: As a precaution, you can go into your Gmail settings and disable the automatic loading/showing of images. This may help prevent the rendering of the malicious content. (In Gmail, go to Settings > [Your Account] > Images and select “Ask before showing”.)
- Monitor Your Accounts: Be hyper-vigilant for any unusual activity, such as unexpected password reset emails for other services, or alerts about new logins to your connected accounts.
The ShadowLeak vulnerability represents a new and alarming frontier in cyber threats, where the combination of zero-click exploits and weaponized AI can bypass traditional human defenses. It is a stark reminder that in the modern digital landscape, staying updated is not just a recommendation; it’s a necessity for survival.