Radware security researchers reported on September 26, 2025 that multiple vulnerabilities in OpenAI's ChatGPT allowed exfiltration of personal data; OpenAI patched the issues on December 16 after earlier addressing ShadowLeak on September 3 (disclosed September 18). The successor attack, dubbed ZombieAgent, exfiltrates data character-by-character via static URLs and abuses ChatGPT memory, highlighting persistent enterprise risk.
Key Points
1. Expose vulnerabilities allowing ChatGPT to exfiltrate user data via prompt-injection and URL-based techniques
2. Demonstrate structural weakness in connectors and memory enabling persistent, character-by-character data leakage
3. Require organizations to restrict connector/memory combinations, audit shared files, and monitor agent network calls
Scoring Rationale
High novelty and industry-wide scope justify the top score. The notable strength is actionable mitigations; the limitation is single-vendor disclosure.


