The phrase “zero-click attack” sounds like security jargon — until you realize it describes one of the scariest realities in modern cybersecurity: you can be hacked without doing a single thing wrong.
At Black Hat 2025, Israeli cybersecurity firm Zenity demonstrated a zero-click hack into ChatGPT that allowed full account takeover using nothing more than a victim’s email address.
No suspicious links.
No pop-up downloads.
No “log in here to verify your account” scams.
Just… instant compromise.
In traditional cyberattacks, the hacker needs you to participate, even if it’s by accident:
Clicking a malicious link
Opening an infected attachment
Entering credentials on a fake website
But in a zero-click attack, there’s no participation at all. You could be on vacation, phone in airplane mode, and still lose control of your account.
For AI systems like ChatGPT, this is especially dangerous because:
They’re often linked to multiple other accounts (Google Drive, email, CRM, project management tools).
They hold sensitive work conversations, drafts, and data.
They’re trusted to make decisions, send files, and execute actions.
When a hacker gets into your AI account, they’re not just in your chatbot — they’re in your workflow, your files, and in some cases, your company’s operational core.
The power of tools like ChatGPT comes from their ability to connect. You can:
Link Google Drive to quickly retrieve or edit files.
Pull data from a CRM like Salesforce.
Draft and send emails directly through Outlook or Gmail.
This integration is incredibly convenient — and incredibly risky.
In Zenity’s demo, Google Drive integration was the key to escalating control. Once inside the ChatGPT account, the attacker could browse, edit, or add files directly to the victim’s Drive. From there, the possibilities get ugly:
Inserting malware into “trusted” business documents.
Replacing legitimate reports with manipulated versions.
Adding malicious macros to spreadsheets.
All without you ever knowing.
Zero-click attacks target weaknesses in how systems authenticate and authorize users. If those checks are flawed, a hacker can impersonate you without triggering alarms.
In AI environments, the risk is multiplied because:
Single Sign-On (SSO) dependencies mean that if one system is tricked into thinking you’re logged in, many connected systems will accept that too.
Token-based authentication (used to let AI tools talk to other apps) can be stolen or forged, allowing long-term access without your password.
Over-permissioned integrations give AI more access than it actually needs — which becomes the attacker’s playground.
And here’s the kicker: because you never clicked anything, there’s nothing for you to “undo.” No suspicious link to report. No obvious break-in point to investigate.
Many people assume that because they use two-factor authentication (2FA), they’re safe.
2FA is critical, but in zero-click exploits, it can be bypassed entirely if the attacker finds a way to use existing tokens or session credentials that are already authenticated.
Think of it like this: 2FA locks your front door. Zero-click attacks climb in through an open skylight you didn’t know existed.
Zero-click attacks on AI accounts can lead to:
Data Theft at Scale
Confidential contracts, client data, financial models, intellectual property — all in the attacker’s hands.
Business Process Manipulation
AI-generated proposals, reports, or forecasts can be altered to mislead decision-making.
Malware Propagation
Malicious files disguised as trusted business documents can be spread internally and externally.
Reputation Damage
If your compromised AI sends infected files or bad advice to clients, trust erodes fast.
Regulatory and Legal Fallout
Data privacy violations could trigger fines under GDPR, CCPA, and other regulations.
Unlike many other business tools, AI assistants:
Are increasingly central to workflows.
Are trusted implicitly (people assume “the AI got it right”).
Aggregate data from multiple sources.
This makes them a perfect “hub” for attackers: compromise one account, and you may control an entire operational network.
While vendors like OpenAI and Microsoft have already patched some of the vulnerabilities Zenity exposed, the bigger security gap remains. Organizations should:
Audit Integrations Regularly
Remove unused or unnecessary connections.
Restrict permissions to only what’s needed.
Monitor AI Account Activity
Check for unusual file edits, new integrations, or strange conversation content.
Rotate Tokens and Keys
Treat API keys and authentication tokens like passwords — change them regularly.
Segment Data Access
Don’t give AI accounts full access to all company data; use separate accounts for sensitive projects.
Implement AI-Specific Security Policies
Make AI security part of your overall cybersecurity training and incident response plan.
Zero-click attacks flip the security model on its head.
If you’ve always believed “I’m safe as long as I don’t click something bad,” Zenity’s demo proves that’s no longer enough — especially in an AI-driven workplace.
Your AI tools aren’t just answering questions anymore. They’re writing contracts, sending files, and influencing strategic decisions. That makes them one of the most valuable — and vulnerable — assets in your organization.
The time to harden them is before attackers come knocking.
📢 Need to assess your AI security before it’s too late?
EBODA.digital helps businesses audit, secure, and optimize their AI integrations — before attackers can exploit them.
Contact our team today
to schedule a security readiness assessment and safeguard your AI workflows.