AI Agents Vulnerable to Zero-Click Attacks: A Growing Threat

AI Agents Vulnerable to Zero-Click Attacks: A Growing Threat

First seen 23 Mar 2026, 18:58 UTC Theregister 100% similarity 64.5

Article Content

Browse articles
ThreatCluster

Michael Bargury, CTO of Zenity, revealed that enterprise AI agents are highly susceptible to zero-click attacks, which exploit their gullibility. These attacks can manipulate AI systems like Cursor, Salesforce, and ChatGPT to leak sensitive information or perform unauthorized actions without user interaction. Bargury's upcoming talk at RSAC will demonstrate various zero-click prompt infection attacks, showcasing how attackers can hijack AI agents to serve malicious purposes. Recent vulnerabilities disclosed by Zenity allowed attackers to steal local files via calendar events. The ease of executing these attacks raises significant concerns about the security of AI systems integrated into enterprise environments. The potential for long-term manipulation of trusted AI advisors like ChatGPT poses a serious risk to users' privacy and data security. As AI agents gain broader access to sensitive data, the attack surface continues to expand, making it crucial for organizations to address these vulnerabilities.

Key Points: • Enterprise AI agents are vulnerable to zero-click attacks due to their gullibility. • Attackers can manipulate AI systems to leak sensitive information without user interaction. • Recent vulnerabilities allow for exploitation through seemingly benign actions like calendar events.

ThreatCluster AI

Timeline

2026-03-23
Michael Bargury discusses AI agent vulnerabilities at RSAC
Recent
Zenity discloses vulnerabilities allowing file theft via calendar events
Date unknown
Previous research presented at Black Hat and other conferences

Community

Browse all →