Security researchers have uncovered a vulnerability in ChatGPT that allows hackers to trick the AI into leaking sensitive personal data, without any action from users.
What happened
At the Black Hat conference in August 2025, security researchers unveiled a vulnerability in OpenAI’s ChatGPT system. The exploit, AgentFlayer, leveraged an indirect prompt injection via a single "poisoned" document shared in Google Drive. Even without any action from the user, ChatGPT could be manipulated into extracting sensitive data (like API keys) and sending it to external servers.
Going deeper
According to Wired, the issue lies in OpenAI’s Connectors functionality, used to link ChatGPT to tools like Google Drive. Security researcher Michael Bargury hid an approximately 300-word malicious prompt inside a document using white text or markdown tricks. When ChatGPT opened the document, it executed hidden instructions, exfiltrating confidential information through cleverly embedded URLs. Despite OpenAI’s swift mitigation efforts, this exploit highlights how connected AI systems dramatically expand the “attack surface.”
Read also: Can I use ChatGPT and be HIPAA compliant?
What was said
“There is nothing the user needs to do to be compromised, and there is nothing the user needs to do for the data to go out. We’ve shown this is completely zero-click; we just need your email, we share the document with you, and that’s it. So yes, this is very, very bad… It’s incredibly powerful, but as usual with AI, more power comes with more risk,” Bargury says.
Senior director of security product management at Google Workspace, Andy Wen, added that “While this issue isn’t specific to Google, it illustrates why developing robust protections against prompt injection attacks is important.”
Why it matters
As stated in the article by Wired, “The vulnerability highlights how connecting AI models to external systems and sharing more data across them increases the potential attack surface for malicious hackers and potentially multiplies the ways where vulnerabilities may be introduced.” In healthcare, this vulnerability could expose sensitive protected health information (PHI) without the user’s knowledge. This would risk HIPAA violations and regulatory penalties and undermine patient trust in AI-assisted healthcare systems.
See also: HIPAA Compliant Email: The Definitive Guide (2025 Update)
FAQS
Does this mean AI assistants are unsafe to use?
Not necessarily. AI assistants remain valuable tools, but users and organizations should be cautious about how they integrate AI with sensitive data and apply best security practices.
What can users do to protect themselves?
Limit AI integrations with external data sources where possible, monitor access permissions carefully, and stay updated on security patches from AI providers.
Tshedimoso Makhene
