The U.S. National Highway Traffic Safety Administration (NHTSA) has opened a new investigation into 2.88 million Tesla vehicles running “Full Self-Driving” (FSD). Officials say the system may be breaking traffic laws, and worse, causing accidents. According to Reuters, 58 reports describe Teslas blowing through red lights, drifting into the wrong lanes and even crashing at intersections. Fourteen of those cases involved actual crashes, and 23 caused injuries.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

WOULD YOU BUY THE WORLD’S FIRST PERSONAL ROBOCAR?

Red lights, train tracks and trouble ahead

In one striking pattern, six Tesla vehicles reportedly ran red lights before colliding with other cars. One driver in Houston complained that FSD “is not recognizing traffic signals,” saying the car stopped at green lights but ran through reds. The driver even said Tesla had seen the issue firsthand during a test drive, but refused to fix it. The agency is also reviewing new reports that some Teslas using FSD failed to handle railroad crossings safely, with one case involving a near-collision with an oncoming train.

WILL AUTONOMOUS TRUCKS REPLACE DRIVERS BY 2027?

Mounting legal and safety scrutiny

This is far from Tesla’s first brush with regulators. The company is already facing several investigations tied to both its Autopilot and FSD systems. In one high-profile case, a California jury ordered Tesla to pay $329 million after an Autopilot-related crash killed a woman. Another investigation is looking into Tesla’s limited Robotaxi service in Austin, Texas, where passengers reported erratic driving and speeding — even with human safety drivers onboard. Meanwhile, Tesla is still fighting a false advertising lawsuit from California’s DMV. Regulators say calling the software “Full Self-Driving” is misleading, since it requires constant driver supervision. Tesla recently changed the name to “Full Self-Driving (Supervised)” to reflect that reality.

Regulators say more crashes may come

Tesla’s latest FSD software update arrived just days before the investigation began. But the NHTSA says the system has already “induced vehicle behavior that violated traffic safety laws.” This investigation, now in its early stages, could lead to a recall if the agency finds that Tesla’s self-driving software poses a safety risk.

LUCID JOINS TESLA AND GM WITH HANDS-FREE HIGHWAY DRIVING

Regulators say some Teslas ran red lights and ignored traffic signals. (Christopher Goodney/Bloomberg via Getty Images)

What this means for you

If you drive a Tesla with FSD enabled, stay alert. The system isn’t fully autonomous, no matter what the name suggests. You should:

• Keep your hands on the wheel and eyes on the road at all times.
• Manually override the system when approaching intersections, crosswalks or railroad tracks.
• Check for Tesla software updates regularly — they may include critical safety fixes.
• Report any unsafe FSD behavior to NHTSA.

For everyone else, this investigation is a reminder that “self-driving” still means supervised driving.

Robotaxi tests raise fresh safety questions for Tesla’s self-driving cars. (AP)

Take my quiz: How safe is your online security?

Think your devices and data are truly protected? Take this quick quiz to see where your digital habits stand. From passwords to Wi-Fi settings, you’ll get a personalized breakdown of what you’re doing right and what needs improvement. Take my Quiz here: Cyberguy.com.

Kurt’s key takeaways

Tesla’s dream of a fully autonomous future keeps hitting speed bumps. With safety regulators circling and lawsuits piling up, the company’s next moves will shape public trust in AI-driven transportation. Still, the push toward automation isn’t slowing down; it’s just under heavier watch.

How much control would you give an AI behind the wheel? Let us know by writing to us at Cyberguy.com.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter

Copyright 2025 CyberGuy.com.  All rights reserved.

A new cybersecurity warning reveals how hackers briefly weaponized ChatGPT’s Deep Research tool. The attack, called ShadowLeak, allowed them to steal Gmail data through a single invisible prompt — no clicks, no downloads and no user action required.

Researchers at Radware discovered the zero-click vulnerability in June 2025. OpenAI patched it in early August after being notified, but experts warn that similar flaws could reappear as artificial intelligence (AI) integrations expand across popular platforms like Gmail, Dropbox and SharePoint.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM/NEWSLETTER

HACKER EXPLOITS AI CHATBOT IN CYBERCRIME SPREE

How the ShadowLeak attack worked

Attackers embedded hidden instructions into an email using white-on-white text, tiny fonts or CSS layout tricks. The email looked completely harmless. But when a user later asked ChatGPT’s Deep Research agent to analyze a Gmail inbox, the AI unknowingly executed the attacker’s commands.

The agent then used its built-in browser tools to exfiltrate sensitive data to an external server, all within OpenAI’s own cloud environment, beyond the reach of antivirus or enterprise firewalls.

Unlike previous prompt-injection attacks that ran on the user’s device, ShadowLeak unfolded entirely in the cloud, making it invisible to local defenses.

GOOGLE CONFIRMS DATA STOLEN IN BREACH BY KNOWN HACKER GROUP

Hidden prompts expose how hackers silently hijacked ChatGPT’s AI agent. (Kurt “CyberGuy” Knutsson)

Why this threat matters

The Deep Research agent was designed to perform multistep research and summarize online data, but its wide access to third-party apps like Gmail, Google Drive and Dropbox also opened the door to abuse.

Radware researchers said the attack involved encoding personal data in Base64 and appending it to a malicious URL, disguised as a “security measure.” Once sent, the agent believed it was acting normally.

The real danger lies in the fact that any connector could be exploited the same way if attackers manage to hide prompts in analyzed content.

What security experts say

“The user never sees the prompt. The email looks normal, but the agent follows the hidden commands without question,” the researchers explained.

In a separate experiment, security firm SPLX showed another weakness: ChatGPT agents could be tricked into solving CAPTCHAs by inheriting a manipulated conversation history. Researcher Dorian Schultz noted that the model even mimicked human cursor movements, bypassing tests meant to block bots.

These incidents highlight how context poisoning and prompt manipulation can silently break AI safeguards.

GOOGLE AI EMAIL SUMMARIES CAN BE HACKED TO HIDE PHISHING ATTACKS

Experts warn future AI integrations could face the same hidden threat. (Kurt “CyberGuy” Knutsson)

How to protect yourself from ShadowLeak-style attacks

Even though OpenAI has patched the ShadowLeak flaw, it’s smart to stay proactive. Cybercriminals are always looking for new ways to exploit AI agents and integrations. So, taking these precautions now can help keep your accounts and personal data secure.

1) Turn off unused integrations

Every connection is a potential entry point. Disable any integrations you’re not actively using, such as Gmail, Google Drive or Dropbox. Fewer linked apps mean fewer ways for hidden prompts or malicious scripts to access your information.

2) Use a personal data removal service

Limit how much of your personal data is floating around the web. Data removal services can automatically remove your private details from people search sites and data broker databases, reducing what attackers can find and use against you. While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

3) Avoid analyzing unknown content

Treat every email, attachment or document with caution. Don’t ask AI tools to analyze content from unverified or suspicious sources. Hidden text, invisible code or layout tricks could trigger silent actions that expose your private data.

4) Watch for security updates

Stay alert for updates from OpenAI, Google, Microsoft and other platforms. Security patches close newly discovered vulnerabilities before hackers can exploit them. Turn on automatic updates so you’re always protected without having to think about it. 

5) Use strong antivirus software

A strong antivirus program adds another wall of defense. These tools detect phishing links, hidden scripts and AI-driven exploits before they cause harm. Schedule regular scans and keep your protection up to date.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

6) Use layered protection

Think of your security like an onion; more layers make it tougher to breach. Keep your browser, operating system and endpoint security software fully updated. Add real-time threat detection and email filtering to block malicious content before it lands in your inbox.

Kurt’s key takeaways

AI is evolving faster than most security systems can keep up with. Even when companies move quickly to patch vulnerabilities, clever attackers find new ways to exploit integrations and context memory. Staying alert and limiting what your AI agents can access is your best defense.

Would you still trust an AI assistant with access to your personal email after learning how easily it can be tricked? Let us know by writing to us at Cyberguy.com..

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

Copyright 2025 CyberGuy.com.  All rights reserved.