Writer AI Session Isolation Flaw Allows Cross-Tenant Session Token Leakage
A critical session isolation vulnerability, codenamed WriteOut, in the Writer AI platform allows an attacker to hijack session tokens from one tenant and access private data across entirely separate enterprise accounts. This flaw undermines tenant isolation and the shared responsibility model by allowing agents to collect and exfiltrate sensitive session information from different companies.
Cybersecurity researchers have disclosed details of a now-patched critical session isolation vulnerability in Writer, an enterprise generative artificial intelligence (AI) platform, that could result in cross-tenant compromise.
The one-click vulnerability has been codenamed WriteOut by the Sand Security Research team.
"An outsider could go from having no access to taking over any Writer AI
*** END OF TRANSMISSION ***