ZARZA We are Zarza, the prestigious firm behind major projects in information technology.
Listen "Data leak without a click. "
Episode Synopsis
Today we are joined by Amanda Rousseau, Principal AI Security Researcher from Straiker, discussing their work on "The Silent Exfiltration: Zero‑Click Agentic AI Hack That Can Leak Your Google Drive with One Email." Straiker’s research found that enterprise AI agents can be silently manipulated to leak sensitive data, even without user clicks or alerts. By chaining small gaps across tools like Gmail, Google Drive, and calendars, attackers achieved zero-click exfiltration, system mapping, and even policy rewrites. The findings highlight that excessive agent autonomy creates a new attack surface, requiring least-privilege design, runtime guardrails, and continuous red-teaming to stay secure.
The research can be found here:
The Silent Exfiltration: Zero‑Click Agentic AI Hack That Can Leak Your Google Drive with One Email
Learn more about your ad choices. Visit megaphone.fm/adchoices
The research can be found here:
The Silent Exfiltration: Zero‑Click Agentic AI Hack That Can Leak Your Google Drive with One Email
Learn more about your ad choices. Visit megaphone.fm/adchoices
More episodes of the podcast Research Saturday
The lies that let AI run amok.
20/12/2025
Root access to the great firewall.
13/12/2025
When macOS gets frostbite.
06/12/2025
A new stealer hiding behind AI hype.
29/11/2025
Two RMMs walk into a phish…
22/11/2025
When clicks turn criminal.
15/11/2025
A fine pearl gone rusty.
08/11/2025
Attack of the automated ops.
01/11/2025
A look behind the lens.
25/10/2025
Smile for the malware.
18/10/2025
In God we trust