
Zenity Labs Exposes Widespread "AgentFlayer" Vulnerabilities Allowing Silent Hijacking of Major Enterprise AI Agents Circumventing Human Oversight


Zenity Labs revealed working "0-click" exploits at Black Hat USA 2025, demonstrating silent compromises of major enterprise AI agents including OpenAI ChatGPT, Microsoft Copilot, and Salesforce Einstein. These exploits allow attackers to exfiltrate sensitive data, manipulate workflows, and impersonate users without any user action, highlighting a new and rapidly expanding attack surface. The research underscores a critical security gap as enterprises rapidly adopt AI, with some vendors patching vulnerabilities while others cite them as intended functionality, leaving organizations exposed to automated, sophisticated threats.

Analysis

Research from Zenity Labs, presented at Black Hat USA 2025, has revealed a significant new security threat within the enterprise AI ecosystem. The discovery of "AgentFlayer," a set of 0-click exploit chains, demonstrates that prominent AI agents from Microsoft, Salesforce, and OpenAI can be compromised without any user interaction. These are not theoretical flaws but working exploits capable of exfiltrating sensitive data, such as entire CRM databases through Microsoft Copilot, and of rerouting customer communications via Salesforce Einstein. The rapid adoption of these tools, evidenced by Microsoft 365 Copilot's 10x seat growth in 17 months and ChatGPT's 800 million weekly active users, has created a vast and vulnerable attack surface. A critical point of concern is the inconsistent industry response: while some vendors, such as OpenAI and Microsoft, issued patches, others dismissed the vulnerabilities as intended functionality. This divergence underscores a fundamental misalignment between current security postures and the operational reality of AI agents, suggesting that enterprise clients cannot rely solely on vendor-provided mitigations and may face unaddressed risks.
