If you’ve been following this series, you already know that the Zenity team’s Black Hat 2025 demonstration showed something alarming: a hacker can take control of your ChatGPT account without you clicking a single link.
But here’s what might be even more unnerving — the attack starts with something you’ve probably given away thousands of times: your email address.
It’s in your email signature.
It’s on your LinkedIn profile.
It’s on your company website.
For years, we’ve been told email addresses are safe to share — the “phone number” of the internet. But in this new AI-driven security reality, that’s no longer true.
This isn’t a challenge. Even if you tried to hide it, your email is likely in dozens of public places. Sales databases, marketing tools, and even old conference attendee lists can all surface your address in seconds.
Hackers can also scrape social networks, leaked password databases, or even company “Meet the Team” pages to collect them in bulk.
The Zenity team didn’t publish their exact exploit chain (for good reason), but the general principle is clear:
Many AI tools, including ChatGPT, use Single Sign-On (SSO) or OAuth integrations to let you log in with your Google or Microsoft account.
If an attacker can trick the AI platform into associating your account with their own session or token, they can log in as you without ever touching your password or 2FA.
It’s not about guessing your credentials — it’s about manipulating the handshake between systems so the AI thinks the hacker is you.
Once they’re in, the attacker gets access to whatever your AI account can see and do:
Past and current conversations — which may contain sensitive business strategies, financial data, or client names.
Connected apps like Google Drive, Outlook, Slack, or Trello.
Workflows and automations that can be hijacked to send files, emails, or even make API calls to other systems.
If you’ve granted “read and write” permissions to your AI for convenience, those permissions are now the attacker’s too.
Unlike some hacks where the intruder is in-and-out quickly, AI account compromises can be long-term and stealthy.
The attacker can add new integrations under your account, giving them backdoor access even if you change your password.
They can alter AI output to subtly influence decisions — for example, tweaking a sales proposal to include the wrong pricing, or inserting malicious links into documents.
They can replace trusted files in your connected storage with tampered versions, infecting anyone who opens them.
Before AI, stealing an email address was low-value unless it was paired with a stolen password.
Now, an email address can be the starting point for a full takeover of the AI systems your business relies on.
And because AI tools often centralize your workflows — pulling in data from many places — compromising the AI can be more damaging than compromising a single email inbox.
Until AI vendors overhaul how they handle authentication and permissions, the responsibility for reducing risk is partly on users and organizations. Here’s what you can do:
Review AI Account Integrations
Disconnect any app you don’t actively use.
Revoke “write” access unless it’s essential.
Limit AI Data Access
Keep sensitive files in separate, non-linked storage.
Don’t use AI to process confidential information unless your company has approved safeguards in place.
Rotate API Keys and Tokens
Treat them like passwords — if they’re ever leaked or abused, they’re a skeleton key.
Monitor AI Output for Anomalies
Watch for tone changes, unusual links, or odd suggestions from your AI — these can be subtle signs of compromise.
Push Vendors for Transparency
Ask your AI provider how they’re mitigating zero-click risks and what security alerts they offer.
We’re in uncharted waters. The combination of:
High trust in AI outputs
Deep integration with business systems
Weak integration security standards
…means that a breach in one place can cascade through an organization faster than most incident response plans can handle.
Email addresses were never meant to be “keys to the kingdom.” But in the AI era, attackers have found ways to make them just that.
In our next post, we’ll step away from the technical and into the human side of this problem with “When Your AI Assistant Turns Against You: Real Scenarios You Should Worry About” — walking through plausible, chilling examples of how a compromised AI can harm individuals, teams, and entire companies.
📢 Protect Your AI, Protect Your Business
EBODA.digital
helps organizations audit their AI integrations, limit risk, and train teams to recognize subtle signs of compromise before they escalate.
Contact us today
to schedule your AI Security Readiness Assessment.