Michaela
Summary: ββWhat vulnerability did Israeli firm Zenity discover in ChatGPT?
Zenity uncovered a “Zero Click” vulnerability that lets hackers take over ChatGPT accounts using only the userβs email address. Attackers can access past and current chats, change conversation goals, and manipulate the AI without the userβs knowledge. This raises serious concerns about data privacy and security.
Israeli cybersecurity firm Zenity has uncovered a vulnerability in ChatGPT that allows attackers to access accounts and extract sensitive data without any user interaction, such as clicking links or opening files.
Zenity identified what it calls the first-ever “Zero Click” vulnerability in OpenAIβs ChatGPT platform, according to The Jerusalem Post. Mikhail Bergori, Zenityβs co-founder and CTO, showcased the exploit during the Black Hat 2025 conference held in Las Vegas.
Related: SpaceX Buys Muskβs xAI to Power Bold Plan for Data Centers in Space
Bergori demonstrated that an attacker could leverage just a userβs email address to gain complete control over their ChatGPT account. This access would allow the hacker to view previous and ongoing conversations, modify the objectives of the chats, and manipulate the AI to act under their direction.
Once compromised, the ChatGPT account could be manipulated to act maliciously without the userβs knowledge. Zenity presented that attackers might use the chatbot to deceive users into downloading malware, provide false business advice, or access files stored on linked Google Drive accounts. Zenity also emphasized that these actions could take place entirely without the userβs awareness.
Zenityβs Warning Amid Growing ChatGPT Use
The discovery of these vulnerabilities raises important questions about data privacy and security, especially as the U.S. government moves forward with plans to integrate ChatGPT across all federal agencies.
Related: No Humans Allowed: Moltbook is a New Social Platform Exclusive for AI Bots
In early August, the U.S. General Services Administration (GSA) entered a βfirst-of-its-kindβ agreement with OpenAI to provide broad access to ChatGPT Enterprise, a specialized AI chatbot subscription tailored for businesses and organizations, to participating federal agencies.
Under the terms of the deal, each agency will gain access for a nominal fee of $1 for one year, accompanied by an additional 60-day period of unrestricted use of OpenAIβs most advanced models.
Public response to the announcement has been divided. While many have praised the governmentβs move to embrace advanced AI technologies, others have expressed apprehension regarding privacy protections, regulatory oversight, and the potential long-term consequences.
As AI continues to weave itself into the fabric of both public institutions and everyday life, balancing innovation with robust security measures will be crucial. Ensuring that powerful tools like ChatGPT are deployed responsibly will determine how effectively we can harness their potential while safeguarding sensitive information.
Read More
- ChatGPT Gave Ritual Advice, Went Off the Rails
- Saying βPleaseβ to ChatGPT Adds Millions to OpenAI Costs
- OpenAI Faces IRS HeatβCould Its Nonprofit Status Be in Jeopardy?
MICHAELA
Michaela is a news writer focused on cryptocurrency and blockchain topics. She prioritizes rigorous research and accuracy to uncover interesting angles and ensure engaging reporting. A lifelong book lover, she applies her passion for reading to deeply explore the constantly evolving crypto world.
