AI agents are exploding across the enterprise—but security hasn’t caught up. In this episode of Today in Tech, host Keith Shaw talks with Michael Bargury, co-founder and CTO of Zenity, about why every AI agent is inherently vulnerable, how zero-click attacks work, and what companies must do now to reduce their risk.
Bargury explains how attackers can hijack AI agents with simple persuasion, plant malicious “memories,” and silently exfiltrate sensitive data from tools like Microsoft Copilot, ChatGPT, Salesforce, and Cursor, often without users ever clicking on anything.
You’ll learn:
* Why AI agents are always vulnerable by design
* How prompt injection = persuasion, not just a technical bug
* What zero-click agent attacks look like in the real world
* How attackers can weaponize shared docs, Jira tickets, and email automations
* Why there is no such thing as a “fully secure” agent platform
* Practical steps to monitor, contain, and manage AI agent risk
Chapters
0:00 – Introduction, overview: Why every AI agent can be hacked
1:00 – First enterprise AI attack on Microsoft Copilot
3:15 – Systemic vulnerabilities and why things got worse
4:35 – Why agents are always gullible by design
6:10 – Prompt injection vs simple persuasion
8:00 – Zero-click attacks explained
10:30 – Hacking ChatGPT via Google Drive & shared docs
13:40 – Planting malicious “memories” in your AI
15:30 – The Cursor + Jira “apples” exploit for stealing secrets
20:10 – Thousands of exposed Copilot Studio agents on the internet
23:30 – Goal hijacking: convincing agents to change their mission
24:50 – Dumping Salesforce data via a customer-success agent
26:50 – Soft vs hard security boundaries for AI
28:15 – What vendors fixed—and what they can’t fix
31:10 – Why “secure AI platform” is a myth
33:30 – What enterprises must own in the shared responsibility model
36:20 – Treating agents like risky insiders to monitor
39:00 – How AI security needs to evolve next
40:57 – Closing thoughts
