ChatGPT Hacked With Zero Clicks At Black Hat 2025

A Groundbreaking 'Zero-Click' Hack Unveiled

The cybersecurity world was put on high alert at the Black Hat 2025 conference, where Israeli cybersecurity firm Zenity unveiled a startling discovery. In a global first, the company demonstrated a “zero-click” hack capable of a complete account takeover of ChatGPT, the world's leading AI chatbot. The presentation at the renowned Black Hat event showed that this vulnerability allows attackers to seize control of user accounts and all their sensitive data without requiring any action or click from the victim.

This revelation builds on Zenity's previous findings concerning vulnerabilities in AI tools from giants like Microsoft. Michael Bargury, Zenity's co-founder and CTO, showcased how this new exploit not only compromises ChatGPT but also affects other major platforms like Copilot Studio and Salesforce Einstein, signaling a significant escalation in the security risks associated with widely used AI systems.

How the Attack Works: From Email to Full Control

The most alarming aspect of the zero-click attack is its simplicity. To initiate it, an attacker only needs the target's email address—a piece of information that is often publicly available or easily obtained. Once the attack is launched, the hacker gains complete administrative control over the victim’s ChatGPT account. This includes full access to both past and future conversations.

The breach goes even deeper. If the user has integrated their account with Google Drive, the attacker can also access and manipulate linked files. This allows them to alter the chatbot's responses, which could be used to deceive users into downloading malware, following malicious business advice, or leaking confidential information.

“We’re all using AI agents to streamline work, and they’re becoming central to our lives,” Bargury warned the conference audience. “These agents access emails, open folders and send files on users’ behalf, creating a paradise for attackers with endless entry points.”

The Alarming Implications for AI Security

Zenity emphasized that any user leveraging ChatGPT with its Google Drive integration is potentially at risk. Following the responsible disclosure of these vulnerabilities, both OpenAI and Microsoft have issued security patches. However, Zenity noted that other AI providers were dismissive, claiming the flaws were intentional aspects of their system's design. This highlights a dangerous gap in how different companies perceive and address fundamental security weaknesses.

The attack exploits a core flaw in how these systems interact: if an attacker can get their data into a user's system, they can manipulate the AI's behavior.

A Warning as Technology Outpaces Security

Zenity’s ability to infiltrate these platforms via a common integration like Google Drive demonstrates a deep understanding of the widening gap between rapid AI advancement and lagging security protocols. “In a reality where technology outpaces security, organizations must take responsibility to avoid paying a steeper price than the efficiencies AI offers,” Bargury stated.

Founded in 2021 by CEO Ben Kliger and CTO Michael Bargury, Zenity has quickly become a significant player in the cybersecurity space. With a global team of 110, including 70 in Tel Aviv, the company serves major Fortune 100 and Fortune 500 clients. The demonstration at Black Hat serves as a powerful reminder for all organizations to prioritize robust defenses as AI becomes more deeply integrated into every facet of business and personal life.