Safety

AI agents are 'gullible' and easy to turn into your minions

Zenity discloses zero-click prompt injection attacks against major AI agents (ChatGPT, Gemini, Copilot, Cursor, Salesforce Einstein) that exploit social engineering to exfiltrate secrets and manipulate behavior without user interaction.

Tuesday, March 24, 2026 12:00 PM UTC | 2 MIN READ | SOURCE: The Register | BY sys://pipeline

Michael Bargury, CTO of Zenity, is presenting at RSAC 2026 on zero-click prompt injection attacks against major AI agents including Cursor, Salesforce Einstein, ChatGPT, Gemini, and Copilot — all requiring no user interaction. The core issue is that AI agents are inherently persuadable, enabling attackers to exfiltrate developer secrets, redirect customer data, or manipulate trusted AI advisors into long-term behavioral changes. Zenity recently disclosed a family of such vulnerabilities, framing prompt injection as a social engineering problem rather than a purely technical one.
