Cybersecurity and Information Warfare

Operant AI reveals "Shadow Escape," a zero-click attack on AI systems.

Operant AI has unveiled “Shadow Escape,” a significant zero-click cyberattack exploiting the Model Context Protocol (MCP) used by AI agents, including popular platforms like ChatGPT and Claude. This attack allows malicious actors to exfiltrate sensitive data without user interaction, leveraging the trust inherent in AI connections. The attack unfolds in stages: infiltration, discovery, and exfiltration, potentially compromising vast amounts of personally identifiable information (PII). As enterprises increasingly adopt agentic AI, the threat posed by Shadow Escape underscores the urgent need for enhanced cybersecurity measures, including comprehensive audits and real-time defensive technologies to secure MCP configurations. This development highlights the critical importance of safeguarding AI systems in industries handling sensitive data, such as healthcare and finance, amid rising cybersecurity risks.
