Michaela
Summary: What vulnerability did Israeli firm Zenity discover in ChatGPT?
Zenity uncovered a “Zero Click” vulnerability that lets hackers take over ChatGPT accounts using only the user’s email address. Attackers can access past and current chats, change conversation goals, and manipulate the AI without the user’s knowledge. This raises serious concerns about data privacy and security.
Israeli cybersecurity firm Zenity has uncovered a vulnerability in ChatGPT that allows attackers to access accounts and extract sensitive data without any user interaction, such as clicking links or opening files.
Zenity identified what it calls the first-ever “Zero Click” vulnerability in OpenAI’s ChatGPT platform, according to The Jerusalem Post. Mikhail Bergori, Zenity’s co-founder and CTO, showcased the exploit during the Black Hat 2025 conference held in Las Vegas.
Bergori demonstrated that an attacker could leverage just a user’s email address to gain complete control over their ChatGPT account. This access would allow the hacker to view previous and ongoing conversations, modify the objectives of the chats, and manipulate the AI to act under their direction.
Once compromised, the ChatGPT account could be manipulated to act maliciously without the user’s knowledge. Zenity presented that attackers might use the chatbot to deceive users into downloading malware, provide false business advice, or access files stored on linked Google Drive accounts. Zenity also emphasized that these actions could take place entirely without the user’s awareness.
Zenity’s Warning Amid Growing ChatGPT Use
The discovery of these vulnerabilities raises important questions about data privacy and security, especially as the U.S. government moves forward with plans to integrate ChatGPT across all federal agencies.
In early August, the U.S. General Services Administration (GSA) entered a “first-of-its-kind” agreement with OpenAI to provide broad access to ChatGPT Enterprise, a specialized AI chatbot subscription tailored for businesses and organizations, to participating federal agencies.
Under the terms of the deal, each agency will gain access for a nominal fee of $1 for one year, accompanied by an additional 60-day period of unrestricted use of OpenAI’s most advanced models.
Public response to the announcement has been divided. While many have praised the government’s move to embrace advanced AI technologies, others have expressed apprehension regarding privacy protections, regulatory oversight, and the potential long-term consequences.
As AI continues to weave itself into the fabric of both public institutions and everyday life, balancing innovation with robust security measures will be crucial. Ensuring that powerful tools like ChatGPT are deployed responsibly will determine how effectively we can harness their potential while safeguarding sensitive information.
Read More
- ChatGPT Gave Ritual Advice, Went Off the Rails
- Saying “Please” to ChatGPT Adds Millions to OpenAI Costs
- OpenAI Faces IRS Heat—Could Its Nonprofit Status Be in Jeopardy?
Michaela has no crypto positions and does not hold any crypto assets. This article is provided for informational purposes only and should not be construed as financial advice. The Shib Magazine and The Shib Daily are the official media and publications of the Shiba Inu cryptocurrency project. Readers are encouraged to conduct their own research and consult with a qualified financial adviser before making any investment decisions.
