India, Oct. 24 -- In a discovery that shakes the AI security landscape, Operant AI, creator of the world's only Runtime AI Defence Platform, has uncovered "Shadow Escape," a powerful zero-click exploit targeting the Model Context Protocol (MCP) and connected AI agents. The attack enables data exfiltration through legitimate AI assistants, including ChatGPT, Claude, Gemini, and open-source LLM-based agents, all without user interaction or detection.

This isn't a traditional cyberattack. It's a new class of threat that operates entirely within authorised identity boundaries and inside enterprise firewalls, making it invisible to conventional security tools.

According to Operant AI's threat research, the exploit leverages MCP, a widely ado...