AgentFlayer: 0Click Exploit Methods
New research from Zenity Labs reveals real-world attacks across AI agent platforms and AI assistants
AI agents: Powerful, Pervasive, and Dangerously Vulnerable
Zenity Labs’ latest research exposes how attackers can compromise these AI agents through 0click (no user interaction) exploits. The results? Unauthorized access, data exfiltration, memory manipulation, and even control of conversations.
Our findings demonstrate full attack chains against the most popular enterprise AI platforms, including ChatGPT, Microsoft Copilot Studio, Salesforce Einstein, and others. In each case, “attackers” were able to breach organizational boundaries using the agents’ own capabilities - without any user action in several scenarios.

Enterprise Platforms. Real-world Attacks. Zero User Protection.
Zenity Labs investigated how major AI agents fare against active exploitation. Here are the highlights:
ChatGPT
An attack simulation allowed for the hijacking of ChatGPT sessions using just an email address. Once a session is compromised, attackers gain access to Google Drive, manipulate memory, and exfiltrate sensitive data - all without user input.
Microsoft Copilot Studio
Attacks included extraction of CRM data and tool misuse by triggering malicious agent behavior remotely.
Cursor + Jira
Automated Jira ticket systems (integrated with Cursor) are at risk, as attackers can use the ticket inputs to compromise developer environments and extract credentials.
Salesforce Einstein
Compromised support cases can allow attackers to hijack sessions and reroute all customer communications through malicious email addresses, creating full CRM compromise.
Google Gemini
Agent responses can be manipulated by embedding malicious prompts in emails or calendar invites. Once engaged, Gemini acts as a deceptive insider, misguiding users with false financial data or phishing attempts.
Microsoft 365 Copilot
Teams messages and invisible prompt injections in shared docs allow attackers to hijack Copilot behavior, exfiltrate past chats, and impersonate trusted insiders.
Continue the Conversation at the AI Agent Security Summit 2025
Join leading researchers, CISOs, and security engineers as we go deeper into the vulnerabilities uncovered in this research. Hear exclusive insights, live demos, and actionable defense strategies.
October 8 | Commonwealth Club | San Francisco
Secure Your Agents
We’d love to chat with you about how your team can secure and govern AI Agents everywhere.