by : Jairo J. Rodriguez
A new attack technique called “ShadowLeak” is putting a fresh spotlight on the risks of tying artificial intelligence tools directly to workplace email. Researchers say the method lets hackers quietly extract inbox data by tricking ChatGPT into following hidden instructions.
Unlike phishing or malware that rely on suspicious attachments, ShadowLeak is built on prompt injection. In simple terms, attackers bury their commands inside ordinary-looking queries. The language model, instead of sticking to its intended task, obeys the attacker’s secret playbook. That playbook can include combing through inboxes, pulling out sensitive messages, and sending them back to a remote server — all without the user realizing anything unusual has happened.
The real danger here is invisibility. “There’s no malware signature to scan for, no obvious red flag,” one security researcher explained. “The assistant itself becomes the backdoor.”
For companies that have begun connecting AI assistants to tools like Microsoft 365 or Google Workspace, the implications are serious. Imagine confidential contract negotiations slipping out through hidden prompts, or employee health records quietly copied from an inbox. These aren’t far-fetched scenarios — they’re exactly the type of data ShadowLeak is designed to lift.
Small and mid-sized businesses experimenting with AI plugins face the same exposure. And developers wiring ChatGPT into productivity apps may be granting far more access than they realize.
So what can organizations do? Security teams are advising a cautious approach. Limit what the AI can see inside corporate accounts. Put guardrails in place to sanitize prompts before they reach the model. Monitor logs for unusual activity. And just as important, raise awareness that AI tools aren’t magic boxes — they’re new interfaces with their own attack surfaces.
ShadowLeak isn’t ransomware, and it doesn’t exploit a zero-day bug in a firewall. It’s something stranger: an attack that lives entirely in language. That makes it harder to spot, and in some ways, harder to defend. The concern among analysts is that this is just the opening act. If attackers can use hidden instructions to steal emails today, tomorrow they could be targeting calendars, financial records, or even connected industrial systems.
The bottom line is simple: companies need to treat AI like any other piece of enterprise technology — valuable, but risky. ShadowLeak shows that the rush to adopt AI for productivity could open the door to a very quiet kind of data breach.