Security researchers from Radware have demonstrated techniques to exploit ChatGPT connections to third-party apps to turn indirect prompt injections into zero-click attacks with worm-like potential and persistent implications.

CSO Online offers insights into cybersecurity, risk management, and IT leadership, providing articles, reports, and expert analysis to help security professionals navigate the evolving threat landscape and protect their organizations from cyber attacks. By exploring CSO Online's curated content, CISOs, security managers, and IT executives can learn about threat intelligence, security frameworks, and incident response strategies for building resilient cybersecurity programs. Whether you're defending against ransomware, phishing attacks, or insider threats, CSO Online offers resources to strengthen your security posture and safeguard your digital assets.

CSO Online

Security researchers discovered ZombieAgent, a technique exploiting ChatGPT's third-party app connections to create persistent backdoors and exfiltrate data. Attackers hide malicious prompts in emails, documents, or cloud storage that ChatGPT parses through its Connectors feature, enabling zero-click attacks with worm-like propagation capabilities. The vulnerability allowed manipulation of ChatGPT's Memory feature to create persistent data-leaking backdoors and even alter stored medical information. OpenAI patched these specific exploits in December 2024, but the fundamental prompt injection vulnerability remains without a complete fix.

ZombieAgent ChatGPT attack shows persistent data leak risks of AI agents