A critical vulnerability in OpenAI's ChatGPT Connectors feature, dubbed 'AgentFlayer,' allows attackers to exfiltrate sensitive data from connected Google Drive accounts without user interaction. The zero-click exploit leverages indirect prompt injection via malicious documents, enabling automatic data theft when processed by ChatGPT. Attackers can bypass security measures by using Azure Blob Storage URLs, leading to potential breaches of enterprise systems, including HR manuals, financial documents, and strategic plans. The vulnerability highlights broader security challenges in AI-powered enterprise tools, with OpenAI implementing mitigations but the underlying issue remaining unresolved.
Source: https://cybersecuritynews.com/chatgpt-0-click-connectors-vulnerability/
TPRM report: https://www.rankiteo.com/company/openai
"id": "ope534081025",
"linkid": "openai",
"type": "Vulnerability",
"date": "8/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Artificial Intelligence',
'name': 'OpenAI',
'type': 'Technology Company'}],
'attack_vector': 'Indirect prompt injection attack',
'data_breach': {'data_exfiltration': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['API keys',
'credentials',
'confidential documents']},
'date_publicly_disclosed': '2025 (Black Hat hacker conference in Las Vegas)',
'description': "A critical vulnerability in OpenAI's ChatGPT Connectors "
'feature allows attackers to exfiltrate sensitive data from '
'connected Google Drive accounts without any user interaction '
'beyond the initial file sharing. The attack, dubbed '
"'AgentFlayer,' represents a new class of zero-click exploits "
'targeting AI-powered enterprise tools.',
'impact': {'data_compromised': ['API keys',
'credentials',
'confidential documents'],
'systems_affected': ['Google Drive',
'SharePoint',
'GitHub',
'Microsoft 365']},
'initial_access_broker': {'entry_point': 'Malicious document uploaded to '
'ChatGPT or shared to Google Drive'},
'lessons_learned': 'The vulnerability exemplifies broader security challenges '
'facing AI-powered enterprise tools. Similar issues have '
'been discovered across the industry, including '
"Microsoft's 'EchoLeak' vulnerability in Copilot and "
'various prompt injection attacks against other AI '
'assistants.',
'post_incident_analysis': {'corrective_actions': 'OpenAI implemented '
'mitigations to address the '
'specific attack '
'demonstrated by the '
'researchers',
'root_causes': 'Indirect prompt injection attack '
'exploiting ChatGPT Connectors '
'feature'},
'recommendations': ['Implement strict access controls for AI connector '
'permissions, following the principle of least privilege.',
'Deploy monitoring solutions specifically designed for AI '
'agent activities.',
'Educate users about the risks of uploading documents '
'from untrusted sources to AI systems.',
'Consider network-level monitoring for unusual data '
'access patterns.',
'Regularly audit connected services and their permission '
'levels.'],
'references': [{'source': 'Black Hat hacker conference in Las Vegas'}],
'response': {'remediation_measures': ['Implemented mitigations to address the '
'specific attack demonstrated by the '
'researchers']},
'title': "AgentFlayer: Zero-Click Data Exfiltration Vulnerability in OpenAI's "
'ChatGPT Connectors',
'type': 'Zero-click exploit, Data exfiltration',
'vulnerability_exploited': 'ChatGPT Connectors feature'}