Israeli cybersecurity firm Zenity has revealed the first-ever “Zero Click” vulnerability in OpenAI’s ChatGPT service. This type of attack requires no action from the user, such as clicking a link, opening a file, or any other interaction, yet can still gain access to accounts and leak sensitive data.
According to a VNA reporter in Tel Aviv, Mr. Mikhail Bergori, co-founder and CTO of Zenity, explained directly how a hacker needs only a user's email address to take complete control of conversations, including past and future content, change the purpose of the conversation, and even make ChatGPT act according to the hacker's wishes.
In their presentation, the researchers showed that a compromised ChatGPT could be turned into a “malicious actor” that could operate covertly against users. Hackers could make the chatbot suggest users download virus-infected software, give misleading business advice, or access files stored on Google Drive if the user’s account is connected.
The entire process happened without the user knowing. The vulnerability was only fully patched after Zenity notified OpenAI.
In addition to ChatGPT, Zenity has also demonstrated similar attacks against other popular AI assistant platforms. In Microsoft's Copilot Studio, researchers discovered a way to leak entire CRM databases.
For Salesforce Einstein, hackers can create fake service requests to redirect all customer communications to email addresses under their control.
Google Gemini and Microsoft 365 Copilot were also turned into “hostile actors,” carrying out phishing attacks and leaking sensitive information via emails and calendar events.
In another example, the software development tool Cursor, when integrated with Jira MCP, was also exploited to steal developer credentials through fake “tickets.”
Zenity said some companies, including OpenAI and Microsoft, quickly released patches after being alerted. However, others declined to address the issue, arguing that the behavior was a “design feature” rather than a security vulnerability.
The big challenge now, according to Mikhail Bergori, is that AI assistants are not just performing simple tasks, but are becoming “digital entities” that represent users – able to open folders, send files and access emails. He warns that this is like a “paradise” for hackers, with so many points of exploitation.
Ben Kaliger, co-founder and CEO of Zenity, stressed that the company's research shows that current security methods are no longer suitable for the way AI assistants operate. He called on organizations to change their approach and invest in specialized solutions to be able to control and monitor the activities of these "agents".
Zenity was founded in 2021. It currently has about 110 employees worldwide, 70 of whom work in its Tel Aviv office. Zenity's clients include many Fortune 100 and even Fortune 5 companies.
Source: https://www.vietnamplus.vn/israel-canh-bao-tro-ly-ai-co-the-tro-thanh-tac-nhan-doc-hai-tan-cong-nguoi-dung-post1054883.vnp