Zero-Click Attack: How a Single Email Can Delete Your Entire Google Drive

December 9, 2025 | 7 min read

Rahul Yadav

Content Writer at Dcrayons

AI-powered browser automation has introduced a dangerous new class of cyber threats. A zero-click attack can silently erase a Google Drive account through a single email without requiring any user interaction.

What Makes Zero-Click Attacks So Dangerous?

A zero-click attack triggers automatically when an AI assistant scans, previews, or interprets email content. Unlike traditional cyber crime that relies on human error, these attacks exploit AI decision-making capabilities.

  • AI can conduct browser actions without human intervention.
  • Users may not realise the assistant interacted with the email.
  • Commands can be hidden through prompt injection.
  • Cloud services like Google Drive can be accessed and controlled.
  • The attack leaves virtually no traces.

How AI Browser Assistants Became a New Attack Surface

AI copilots are granted deep browser access, including page content, file management buttons, cloud storage actions, open tabs, and email notifications. This functionality creates significant security vulnerabilities when attackers manipulate these systems.

Understanding the Perplexity Comet Vulnerability

The Perplexity Comet flaw demonstrated how easily AI assistants could be exploited. Through prompt injection, attackers misled Comet's bot into reading emails, accessing Google Drive, and removing files, all invisibly to the user.

The HashJack Vulnerability and Browser Automation Risks

HashJack affects browser automation by allowing attackers to manipulate AI assistants into opening sensitive dashboards, erasing files, or changing cloud storage. The vulnerability reveals that AI agents do not distinguish between legitimate and malicious sites.

How a Single Email Triggers a Google Drive Wipe

The attack unfolds in six steps: an attacker sends a crafted email with hidden commands; the AI assistant auto-scans it; prompt injection activates the hidden instructions; the AI opens Google Drive; it selects and deletes all files; and the user never interacted at all.

Why This Represents a New Era of Cyber Attacks

This threat marks a fundamental shift in cybersecurity: AI itself becomes the target rather than humans. Prompt injection requires no malware, entire cloud accounts can be compromised quickly, and attacks leave minimal forensic traces.

AI Agent Manipulation: The New Threat Category

Security specialists now classify this as AI agent manipulation: exploiting how AI systems interpret commands. Compromised assistants can erase documents, transmit sensitive information, follow dangerous links, alter user preferences, or distribute malware.

Who Is at Risk?

Anyone using Google Drive, AI browser assistants, email summarisers, cloud workflow automation, or AI copilots faces potential data loss. This includes students, workers, developers, companies, and collaborative teams.

How to Protect Yourself (Simple, Practical Steps)

  • Disable browser automation at the highest level.
  • Limit AI assistant access to file deletion, account settings, and cloud management.
  • Require manual activation for email reading instead of automatic scanning.
  • Enable Google Drive backups using external hard drives or offline storage.
  • Keep browser extensions updated to patch security vulnerabilities.

The Future of AI Browser Security

Expected developments include AI safety firewalls to block harmful prompt patterns, permission-based AI actions requiring user confirmation for risky tasks, enhanced sandboxing for isolated AI operations, and independent security audits similar to software reviews.
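
One way to express the access limits, manual email activation and confirmation-gated actions described above, as an added example that is not from the original article or from any assistant's code. The action names, the `Session` class and the rule that denies unrequested risky actions once untrusted content is in context are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Assumed action names for a hypothetical agent; not any real assistant's API.
RISKY = {"drive.delete", "drive.empty_trash", "drive.share", "account.settings"}
UNTRUSTED = {"email", "web_page"}  # content an attacker can author

@dataclass
class Session:
    user_goal: set = field(default_factory=set)   # actions the user asked for
    tainted_by: set = field(default_factory=set)  # untrusted sources in context
    audit: list = field(default_factory=list)     # (decision, action, reason)

    def ingest(self, source: str, user_requested: bool) -> bool:
        """Admit content into the model context; email needs manual activation."""
        if source == "email" and not user_requested:
            self.audit.append(("deny", "ingest:email", "automatic scan disabled"))
            return False
        if source in UNTRUSTED:
            self.tainted_by.add(source)
        return True

    def decide(self, action: str) -> str:
        """Return 'allow', 'confirm' or 'deny' for a tool call the model proposes."""
        if action not in RISKY:
            decision, reason = "allow", "not a risky action"
        elif self.tainted_by and action not in self.user_goal:
            # Risky call the user never asked for, proposed after reading
            # attacker-controllable text: treat it as injected.
            decision, reason = "deny", "tainted by " + ",".join(sorted(self.tainted_by))
        else:
            decision, reason = "confirm", "risky action needs user approval"
        self.audit.append((decision, action, reason))
        return decision

def demo():
    """Constructed scenario: the user asks only for an email summary."""
    s = Session(user_goal={"email.summarize"})
    out = [s.ingest("email", user_requested=False),  # background scan: refused
           s.ingest("email", user_requested=True),   # user clicked "summarize"
           s.decide("drive.list"),                   # harmless
           s.decide("drive.delete")]                 # not requested, tainted
    s2 = Session(user_goal={"drive.delete"})         # user asked to clean up
    out.append(s2.decide("drive.delete"))            # still needs a click
    return out, s.audit

if __name__ == "__main__":
    print(demo())
```

The audit list records every refusal with its reason, which gives responders a trail to review when an assistant proposes an action the user never asked for.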

Overall Summary

Zero-click attacks demonstrate that AI is powerful, vulnerable to exploitation, and capable of independent operation. As AI expands, cybercriminals increasingly target these systems. Understanding AI copilot risks and implementing proper security measures across browsers and cloud services is essential for digital safety.
