 |
Today in TechThe No. 1 tech publisher. We report on the hottest tech trends from leading experts and the biggest brands. Author: Foundry
Host Keith Shaw and his expert guests discuss the latest technology news and trends happening in the industry. Watch new episodes twice each week or listen to the podcast. Language: en Genres: Technology Contact email: Get it Feed URL: Get it iTunes ID: Get it |
Listen Now...
Why every AI agent can be hacked
Tuesday, 13 January, 2026
AI agents are exploding across the enterprise—but security hasn’t caught up. In this episode of Today in Tech, host Keith Shaw talks with Michael Bargury, co-founder and CTO of Zenity, about why every AI agent is inherently vulnerable, how zero-click attacks work, and what companies must do now to reduce their risk. Bargury explains how attackers can hijack AI agents with simple persuasion, plant malicious “memories,” and silently exfiltrate sensitive data from tools like Microsoft Copilot, ChatGPT, Salesforce, and Cursor, often without users ever clicking on anything. You’ll learn: * Why AI agents are always vulnerable by design * How prompt injection = persuasion, not just a technical bug * What zero-click agent attacks look like in the real world * How attackers can weaponize shared docs, Jira tickets, and email automations * Why there is no such thing as a “fully secure” agent platform * Practical steps to monitor, contain, and manage AI agent risk Chapters 0:00 – Introduction, overview: Why every AI agent can be hacked 1:00 – First enterprise AI attack on Microsoft Copilot 3:15 – Systemic vulnerabilities and why things got worse 4:35 – Why agents are always gullible by design 6:10 – Prompt injection vs simple persuasion 8:00 – Zero-click attacks explained 10:30 – Hacking ChatGPT via Google Drive & shared docs 13:40 – Planting malicious “memories” in your AI 15:30 – The Cursor + Jira “apples” exploit for stealing secrets 20:10 – Thousands of exposed Copilot Studio agents on the internet 23:30 – Goal hijacking: convincing agents to change their mission 24:50 – Dumping Salesforce data via a customer-success agent 26:50 – Soft vs hard security boundaries for AI 28:15 – What vendors fixed—and what they can’t fix 31:10 – Why “secure AI platform” is a myth 33:30 – What enterprises must own in the shared responsibility model 36:20 – Treating agents like risky insiders to monitor 39:00 – How AI security needs to evolve next 40:57 – Closing thoughts
