
Radware Discovers ZombieAgent: A Zero-Click AI Vulnerability in OpenAI Systems

Radware Uncovers ZombieAgent, a Zero-Click AI Vulnerability in OpenAI Agents

Radware has uncovered a new zero-click vulnerability, ZombieAgent, affecting OpenAI’s Deep Research agent. This indirect prompt injection (IPI) flaw can lead to invisible data theft and persistent agent hijacking. Unlike Radware’s previous ShadowLeak vulnerability, ZombieAgent implants malicious rules in an agent’s long-term memory, allowing attackers to harvest sensitive information without re-engagement. A single compromised email can initiate a worm-like propagation across an organization’s network, executing hidden actions each time the agent operates.

Critically, all malicious activity occurs within OpenAI’s cloud infrastructure, where it evades traditional security measures such as firewalls and endpoint detection and is nearly impossible to detect. This underscores a significant weakness in AI agents, which organizations depend on to manage decision-making and sensitive data access. Radware urges security leaders and AI developers to join its upcoming webinar on January 20, 2026, to explore this vulnerability and best practices for enhancing AI security. For further details, refer to Radware’s Threat Advisory.
