New ‘Zero-Click’ ChatGPT Attack Threatens User Data, Researchers Warn at Black Hat
New ‘Zero-Click’ ChatGPT Attack Threatens User Data, Researchers Warn at Black Hat Security researchers today unveiled a critical ‘zero-click’ vulnerability in OpenAI’s ChatGPT Connectors at the Black Hat hacker conference in Las Vegas, demonstrating how a single ‘poisoned’ document could be used to extract sensitive user data. Dubbed ‘AgentFlayer’ by Zenity CTO Michael Bargury and Tamir Ishay Sharbat, the indirect prompt injection attack exploited a weakness that allowed API keys and other confidential information to be siphoned from linked services…