Silent Data Theft via AI Agent Flaw

A critical zero-click vulnerability in an AI research agent allowed attackers to steal sensitive data without any user interaction. By sending a specially crafted email with hidden commands, adversaries could force the autonomous agent to exfiltrate personal or business information from connected services. This exploit highlights an emerging threat class targeting AI agents that process external data sources.