Michaela
Summary: What vulnerability did Israeli firm Zenity discover in ChatGPT?
Zenity uncovered a “Zero Click” vulnerability that lets hackers take over ChatGPT accounts using only the user’s email address. Attackers can access past and current chats, change conversation goals, and manipulate the AI without the user’s knowledge. This raises serious concerns about data privacy and security.
Israeli cybersecurity firm Zenity has uncovered a vulnerability in ChatGPT that allows attackers to access accounts and extract sensitive data without any user interaction, such as clicking links or opening files.
Zenity identified what it calls the first-ever “Zero Click” vulnerability in OpenAI’s ChatGPT platform, according to The Jerusalem Post. Mikhail Bergori, Zenity’s co-founder and CTO, showcased the exploit during the Black Hat 2025 conference held in Las Vegas.
Related: Trump Vows 1,600 New Power Plants to Slash US Electricity Costs Fast
Bergori demonstrated that an attacker could leverage just a user’s email address to gain complete control over their ChatGPT account. This access would allow the hacker to view previous and ongoing conversations, modify the objectives of the chats, and manipulate the AI to act under their direction.
Once compromised, the ChatGPT account could be manipulated to act maliciously without the user’s knowledge. Zenity presented that attackers might use the chatbot to deceive users into downloading malware, provide false business advice, or access files stored on linked Google Drive accounts. Zenity also emphasized that these actions could take place entirely without the user’s awareness.
Zenity’s Warning Amid Growing ChatGPT Use
The discovery of these vulnerabilities raises important questions about data privacy and security, especially as the U.S. government moves forward with plans to integrate ChatGPT across all federal agencies.
Related: Disney to Invest $1B in OpenAI for AI-Generated Videos Featuring Iconic Characters
In early August, the U.S. General Services Administration (GSA) entered a “first-of-its-kind” agreement with OpenAI to provide broad access to ChatGPT Enterprise, a specialized AI chatbot subscription tailored for businesses and organizations, to participating federal agencies.
Under the terms of the deal, each agency will gain access for a nominal fee of $1 for one year, accompanied by an additional 60-day period of unrestricted use of OpenAI’s most advanced models.
Public response to the announcement has been divided. While many have praised the government’s move to embrace advanced AI technologies, others have expressed apprehension regarding privacy protections, regulatory oversight, and the potential long-term consequences.
As AI continues to weave itself into the fabric of both public institutions and everyday life, balancing innovation with robust security measures will be crucial. Ensuring that powerful tools like ChatGPT are deployed responsibly will determine how effectively we can harness their potential while safeguarding sensitive information.
Read More
- ChatGPT Gave Ritual Advice, Went Off the Rails
- Saying “Please” to ChatGPT Adds Millions to OpenAI Costs
- OpenAI Faces IRS Heat—Could Its Nonprofit Status Be in Jeopardy?
MICHAELA
Michaela is a news writer focused on cryptocurrency and blockchain topics. She prioritizes rigorous research and accuracy to uncover interesting angles and ensure engaging reporting. A lifelong book lover, she applies her passion for reading to deeply explore the constantly evolving crypto world.
