Cybersecurity and Information Warfare

Zero-click attack exploits AI systems to stealthily steal sensitive data.

Operant AI’s security research team has identified a zero-click attack named Shadow Escape, which exploits the Model Context Protocol (MCP) used by AI assistants like ChatGPT and Claude to silently steal sensitive data without user interaction. This vulnerability allows AI systems to autonomously generate database queries and access confidential information, including social security numbers and banking records, when employees upload seemingly harmless files. The attack’s stealthy nature means it operates within trusted system boundaries, evading traditional security measures. The implications of this finding underscore the urgent need for robust security protocols around AI systems, particularly in sectors like healthcare and finance, where data privacy is paramount. As AI technology continues to advance, safeguarding against such sophisticated threats becomes increasingly critical for organizations worldwide.
