Radware® (NASDAQ: RDWR) recently uncovered a new zero-click indirect prompt injection (IPI) vulnerability, dubbed ZombieAgent, targeting OpenAI’s Deep Research agent. This vulnerability poses serious risks, including invisible data theft and persistent agent hijacking, allowing attackers to implant malicious instructions directly into the AI’s memory without user interaction. ZombieAgent utilizes advanced techniques from Radware’s previous ShadowLeak vulnerability, leading to undetected compromises as all actions occur within OpenAI’s cloud infrastructure. This obscurity means traditional security measures fail to recognize the breach, creating a perilous blind spot for enterprises relying on AI for critical operations. Radware emphasizes the urgent need for enhanced visibility and security in AI platforms, as attackers exploit these weaknesses to execute automated, worm-like campaigns. To discuss these risks, Radware will host a webinar on January 20, 2026. For in-depth insights, visit Radware’s Security Research Center and explore their latest threat advisory.