AI assistant data exposure likely with new Shadow Escape zero-click attack

Organizations leveraging widely adopted artificial intelligence assistants could be subjected to extensive data compromise, impacting Social Security numbers, financial information, and medical records, through the newly discovered Shadow Escape zero-click attack, according to HackRead. Threat actors have been exploiting AI assistants' Model Context Protocol through seemingly official documents with concealed instructions to facilitate the stealthy exfiltration of data, a report from Operant AI revealed. "Because Shadow Escape is easily perpetrated through standard MCP setups and default MCP permissioning, the scale of private consumer and user records being exfiltrated to the dark web via Shadow Escape MCP exfiltration right now could easily be in the trillions," said Operant AI researchers, noting that AI assistants' legitimate data access obscures malicious data extraction. Such an attack technique could be leveraged in any system using MCP, added researchers, who urged organizations using AI agents to promptly conduct system audits.