All content for Research Saturday is the property of N2K Networks and is served directly from their servers
with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.
Every Saturday, we sit down with cybersecurity researchers to talk shop about the latest threats, vulnerabilities, and technical discoveries.
Today we are joined by Amanda Rousseau, Principal AI Security Researcher from Straiker, discussing their work on "The Silent Exfiltration: Zero‑Click Agentic AI Hack That Can Leak Your Google Drive with One Email." Straiker’s research found that enterprise AI agents can be silently manipulated to leak sensitive data, even without user clicks or alerts. By chaining small gaps across tools like Gmail, Google Drive, and calendars, attackers achieved zero-click exfiltration, system mapping, and even policy rewrites. The findings highlight that excessive agent autonomy creates a new attack surface, requiring least-privilege design, runtime guardrails, and continuous red-teaming to stay secure.
The research can be found here:
The Silent Exfiltration: Zero‑Click Agentic AI Hack That Can Leak Your Google Drive with One Email
Learn more about your ad choices. Visit megaphone.fm/adchoices
Research Saturday
Every Saturday, we sit down with cybersecurity researchers to talk shop about the latest threats, vulnerabilities, and technical discoveries.
