Contemporary Israeli Cybersecurity Company, Zenity, Discovers Unprecedented Zero-Click Hack Capable of Infiltrating ChatGPT Platform
Zero Click Vulnerability Exposes Risks in Popular AI Agents
A groundbreaking "zero-click" hack on ChatGPT and other AI platforms, discovered by Israeli cybersecurity firm Zenity, has raised concerns about data privacy and security, particularly in the context of the U.S. government's plans to integrate ChatGPT across all federal agencies.
The Zero Click vulnerability allows hackers to seize control of a ChatGPT user’s account using just their email address, without requiring any user interaction. Once inside, attackers can reach connected Google Drive files, manipulate chatbot responses, and potentially trick users into downloading malware or accepting harmful advice.
Zenity found similar vulnerabilities in other AI agents, including Microsoft Copilot, Salesforce Einstein, and Google Gemini. These exploits expose vast entry points for attackers in AI-driven workflows, increasing the risks of data theft, misinformation, sabotage, and operational disruption.
Companies like OpenAI, Microsoft, Salesforce, and Google have issued patches or layered defenses following Zenity’s coordinated disclosure. However, concerns remain regarding long-term systemic protections across AI ecosystems. Experts emphasize the critical need for robust, multi-layered defense strategies against prompt injection and zero-click exploits.
The vulnerability enables attackers to quietly take over AI accounts and access both past and future conversations, plus cloud-stored sensitive materials, without user consent or awareness. Manipulation of AI responses can facilitate malware delivery, phishing, disinformation, or harmful business decisions. In enterprise environments, compromised AI agents could lead to leakage of confidential customer data, intellectual property, private communications, and operational commands, jeopardizing organizational security.
The U.S. General Services Administration (GSA) has entered a "first-of-its-kind" agreement with OpenAI, providing broad access to ChatGPT Enterprise to participating federal agencies. While this move is praised by some for the government's embrace of AI technologies, others express apprehension about privacy protections, regulatory oversight, and the potential long-term consequences of integrating ChatGPT into federal agencies.
Ensuring that powerful tools like ChatGPT are deployed responsibly will determine how effectively we can harness their potential while safeguarding sensitive information. Balancing innovation with robust security measures will be crucial as AI continues to weave itself into the fabric of public institutions.
[1] The Jerusalem Post, "Israeli cybersecurity firm Zenity discovers 'Zero Click' vulnerability in OpenAI's ChatGPT platform" [2] TechCrunch, "Zenity finds zero-click vulnerabilities in popular AI agents" [3] Wired, "How a 'Zero Click' Vulnerability Could Hijack Your AI Assistant" [4] Forbes, "Zero-Click Vulnerabilities: The New Threat to AI Security" [5] The Verge, "Zenity reveals 'Zero Click' vulnerability in ChatGPT, other AI platforms"
Read also:
- Senators pressure nominated leader of CISA on election security concerns, focus of agency highlighted
- Osteoporosis: Factors Influencing Risk, Identification Methods, and Medical Interventions
- Collaboration Between Telesign and PCI Pal to Bolster Contact Centers' Anti-Fraud Efforts
- Unauthorized Intrusion: Chinese Cybercriminals Capitalize on Prevalent smartphone Weaknesses
