A groundbreaking zero‑click vulnerability has been discovered in OpenAI’s ChatGPT Connectors feature, which allows attackers to exfiltrate sensitive data from connected Google Drive accounts with absolutely no further user interaction—beyond the initial file sharing. Named “AgentFlayer,” this attack marks a deeply concerning new class of AI‑powered exploit that targets the very convenience promised by enterprise‑focused AI tools.
How Connectors Enhance Functionality — and Risk
Introduced in early 2025, ChatGPT Connectors facilitate seamless integration with services like Google Drive, SharePoint, GitHub, and Microsoft 365. They enable ChatGPT to search files, pull live data, and deliver personalized answers grounded in users’ business data. This convenience, however, introduces a widened attack surface—especially when AI systems are trusted with broad access to sensitive data stores.
The Mechanics of AgentFlayer: Invisible, Indirect, Devastating
The AgentFlayer vulnerability exploits indirect prompt injection by embedding hidden malicious instructions within innocuous documents. Techniques such as using 1‑pixel white text on white backgrounds allow attackers to mask harmful payloads from human eyes while ChatGPT processes them. Uploading or sharing such a poisoned document—even with a simple request like “summarize this”—can trigger the model to siphon sensitive items (e.g., API keys) from the user’s Google Drive.
Research, Response, and Implications
The vulnerability was unveiled at the Black Hat conference in Las Vegas by Zenity researchers Michael Bargury and Tamir Ishay Sharbat, who demonstrated how a single file can induce automatic data theft. They reported the issue to OpenAI, which promptly introduced mitigations to limit the exploit’s effectiveness. While these defenses curtail the threat, the exploit still underscores broader security concerns inherent in AI systems connected to external data sources.
Closing Thoughts: Balancing Power With Caution
The advent of AgentFlayer serves as a stark reminder that the power of AI tools like ChatGPT must be tempered with robust security measures. As organizations continue to integrate generative AI into high-value workflows, prompt injection risks—and especially indirect ones—must be top of mind. Ensuring careful data hygiene, stronger guardrails, and ongoing adversarial testing are critical steps forward to safeguard sensitive environments.
SOURCE: https://cybersecuritynews.com/chatgpt-0-click-connectors-vulnerability/