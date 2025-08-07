New findings presented by researchers at the Black Hat security conference in Las Vegas show that a single "poisoned" document is enough to pull private data out of a ChatGPT instance that has been connected to outside services. One of the ways OpenAI has made ChatGPT more useful is by letting you connect it to external services such as Google Drive and GitHub. But connecting ChatGPT to these private data stores can put that data at risk of exposure, the new research shows.

The attack, dubbed AgentFlayer, was devised by researchers Michael Bargury and Tamir Ishay Sharbat. It demonstrates that indirect prompt injection is possible through a single document embedded with the right instructions: the model reads the document as data, but treats the hidden text as instructions and acts on them. In practice, an attack of this kind could hand bad actors developer secrets such as API keys stored in the connected services.

In the demonstration, the researchers planted an invisible prompt injection payload in a document before it was uploaded to ChatGPT. The hidden instructions tell the model to render an image whose URL points at the attacker's server and to append the data it has gathered to that URL; when ChatGPT renders the image, the request goes out to the attacker's server, carrying the data with it. Just like that, the data has been stolen, and the victim is none the wiser: the user sees only a summary of the document, while the exfiltration happens as a side effect of rendering the response rather than as any visible action. The practical lesson is that anything an assistant can render or fetch is a network egress channel, so image and link destinations in model output need the same scrutiny as tool calls.