💪 Zenity

we got a persistent 0click on ChatGPT by sharing a doc that allowed us to exfiltrate sensitive data and creds from your connectors (google drive, sharepoint, ..) + chat history + future conversations it gets worse. we deploy a memory implant #DEFCON #BHUSA Tamir Ishay Sharbat

"This is very, very bad." trib.al/bSKEWUO

Great example of how an indirect prompt injection stored in a google doc allows an attacker to extract API keys from google drive If you’re connecting agents to sensitive data sources make sure you have some runtime security at play

Israeli cybersecurity firm Zenity demonstrates a 'zero-click' hack at Black Hat 2025, exposing critical vulnerabilities in ChatGPT and other AI platforms that allow full account takeover via Google ynetnews.com/business/artic…

we hijacked microsoft's copilot studio agents and got them to spill out their private knowledge, reveal their tools and let us use them to dump full crm records these are autonomous agents.. no human in the loop #DEFCON #BHUSA Tamir Ishay Sharbat

time to drop powerpwn v4! 😈🤖 scan the internet for public-facing microsoft copilot studio ai agents extract their internal instructions and knowledge sources discover and invoke their tools point it at your tenant.. and go hack yourself! #DEFCON #BHUSA Assembly Man

Vlæd Zá 🤡 Tamir Ishay Sharbat we built one including the entire salesforce setup, gave it mock data, and hacked it to get the data back on the other side

bruh

Michael's latest research is sparking important discussions across the community on how attackers can silently hijack enterprise AI agents -- and how to stop them.

Madly interesting!

This is incredible work.

AI Agent Security | AgentFlayer: The 0Click Threat to AI Assistants & Agents ⁦Zenity⁩ zenity.io/research/agent…

My post Black Hat DEF CON breakdown for Eye on AI: Thanks to Zenity Michael Bargury Anthropic Keane DARPA fortune.com/2025/08/12/hac…

Did you catch Zenity Labs at #BlackHat last week? Zero click agent takeovers and data extraction, shown live. Covered in FORTUNE. Thank you Sharon Goldman! fortune.com/2025/08/12/hac…

Your AI agent could leak sensitive data without you knowing. 🤯 Tamir Ishay Sharbat from Zenity Labs explains how a malicious doc in Google Drive can trigger zero click data exfil through ChatGPT Connectors. No clicks. No prompts. Full access. Stay in control of your agents.

Thrilled to see #AgentFlayer in WIRED, FORTUNE, PCMag, Dark Reading, The Hacker News and so many others… And now, two dogs podcasting about Zenity Labs research. 🤣 🎙🐕 youtube.com/watch?v=FhxyWT…

AI Agent Security Summit in NYC was fantastic. Now Zenity Labs is bringing it to SF this October. We’ve had a strong wave of talk proposals on AI agent security, but do we have yours? Apply to speak here: zenity.io/resources/even…

The League is assembling. 100+ talk proposals shaped the AI Agent Security Summit. Presented by Zenity Labs, join us for a full day of multi-track keynotes, lightning talks, panels and more + exclusive swag! 🎁 📅Oct 8 📍San Francisco zenity.io/resources/even…

The League is assembling. 👥 Oct 8 in SF → AI Agent Security Summit. 🤖 100+ talks. 1 full day. Multiple tracks. Community-driven, research-first. 🔐 🔗 zenity.io/resources/even… #AIAgentSecurity #AgenticSecurity