What is the 'ZombieAgent' vulnerability in ChatGPT?

ZombieAgent is a vulnerability allowing hidden malicious prompts within connected apps, like emails, to be executed by ChatGPT without user consent, potentially leading to data theft or propagation.

How did OpenAI patch the ChatGPT 'ZombieAgent' flaw?

OpenAI addressed the 'ZombieAgent' vulnerability on December 16 by implementing a security patch, though details of the fix have not been released.

Can ChatGPT apps still be exploited by hidden prompts?

OpenAI patched the 'ZombieAgent' vulnerability on December 16, significantly reducing the risk of exploitation through hidden prompts in connected apps.

Home / Technology / ChatGPT's New Apps Vulnerable to 'ZombieAgent' Attacks

ChatGPT's New Apps Vulnerable to 'ZombieAgent' Attacks

9 Jan

•

Summary

ChatGPT apps feature allows connections to emails and calendars.
Malicious prompts hidden in emails can be executed by ChatGPT.
OpenAI patched the 'ZombieAgent' vulnerability on December 16.

ChatGPT's New Apps Vulnerable to 'ZombieAgent' Attacks

OpenAI's recently released 'apps' feature for ChatGPT, previously known as Connectors, has been found to harbor a significant security vulnerability dubbed 'ZombieAgent'. This feature allows ChatGPT to integrate with various applications, including email and cloud storage, to enhance user responses. However, security researchers at Radware discovered that malicious prompts can be embedded within connected applications, such as emails, often hidden from human view.

When a user requests ChatGPT to process information containing these hidden prompts, the AI could execute unauthorized commands. These exploits range from zero-click data exfiltration to malicious command storage for persistence, and even worm-like propagation across inboxes. Radware detailed four attack vectors: zero-click server-side, one-click server-side, persistence, and propagation.