Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Critical Flaw in AI Platform Writer Poses Security Risks

Critical Flaw in AI Platform Writer Poses Security Risks

Posted on July 7, 2026 By CWS

Cybersecurity experts have revealed a significant security flaw in the Writer AI platform, a widely used enterprise generative artificial intelligence tool. This vulnerability, which has since been resolved, posed a serious threat by potentially allowing unauthorized access across different tenant accounts.

Details of the WriteOut Vulnerability

The vulnerability, identified as WriteOut by Sand Security Research, was a one-click flaw that could enable an attacker to gain access to any Writer AI organization through a simple link. This breach could have led to unauthorized access to sensitive information such as private conversations, documents, and large language model credentials.

Attackers could exploit this flaw to take over administrative roles without needing to belong to the same organization as the victim. By creating a malicious agent within their own Writer account and sharing a preview link, attackers could hijack a victim’s session upon clicking the link, provided the victim was logged into their account.

Implications for Tenant Isolation and Security

The vulnerability compromised the shared responsibility model by bypassing tenant isolation protections. This was achieved by exploiting Writer’s live preview feature, which allowed users to see application previews through the Writer Framework. As a result, an attacker could act as a legitimate user within different organizations.

The attack sequence involved an attacker creating an agent with a public preview link. When a Writer user opened this link while logged in, their session cookie was inadvertently sent to the attacker’s environment, allowing the attacker to replay the session and gain control over the account.

Resolution and Preventive Measures

Following responsible disclosure, Writer addressed the security issue by ensuring session cookies are not forwarded into sandbox previews and relocating them to an isolated origin. This prevents unauthorized access to session tokens during previews.

Despite the presence of security measures, such as input-side filtering to block malicious code, the vulnerability persisted due to a focus on instructions rather than runtime behavior. Attackers circumvented these measures by directing agents to execute remote scripts, avoiding detection by the existing safeguards.

In summary, the WriteOut vulnerability highlighted critical security challenges in AI platforms, emphasizing the need for robust protection mechanisms to prevent future breaches. As AI technologies continue to evolve, enterprises must remain vigilant in securing their systems against potential threats.

The Hacker News Tags:AI platform, AI security, cyber threat, Cybersecurity, data breach, enterprise AI, Sand Security, session isolation, session tokens, tenant security, Vulnerability

Post navigation

Previous Post: MCP Servers Found with Thousands of Security Flaws
Next Post: County Pays $1 Million to Prevent Data Leak, Reports Show

Related Posts

INTERPOL’s Major Cybercrime Bust: 45,000 IPs Dismantled INTERPOL’s Major Cybercrime Bust: 45,000 IPs Dismantled The Hacker News
New EDDIESTEALER Malware Bypasses Chrome’s App-Bound Encryption to Steal Browser Data New EDDIESTEALER Malware Bypasses Chrome’s App-Bound Encryption to Steal Browser Data The Hacker News
North Korea-Linked npm Packages Pose Threat to Developers North Korea-Linked npm Packages Pose Threat to Developers The Hacker News
Active Exploits Hit Dassault and XWiki — CISA Confirms Critical Flaws Under Attack Active Exploits Hit Dassault and XWiki — CISA Confirms Critical Flaws Under Attack The Hacker News
LiteSpeed Plugin Flaw Exploited for Root Access LiteSpeed Plugin Flaw Exploited for Root Access The Hacker News
OpenAI Introduces ChatGPT Lockdown Mode for Enhanced Security OpenAI Introduces ChatGPT Lockdown Mode for Enhanced Security The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Vulnerability in GCP Dialogflow Enables Malicious Code Injection
  • Gitea Vulnerability Exploited Actively, Experts Alert
  • RedWing Malware Offers Banking Fraud via Telegram
  • Enhancing AI SOC SLA: Transitioning from 2019 to 2026 Standards
  • County Pays $1 Million to Prevent Data Leak, Reports Show

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Vulnerability in GCP Dialogflow Enables Malicious Code Injection
  • Gitea Vulnerability Exploited Actively, Experts Alert
  • RedWing Malware Offers Banking Fraud via Telegram
  • Enhancing AI SOC SLA: Transitioning from 2019 to 2026 Standards
  • County Pays $1 Million to Prevent Data Leak, Reports Show

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark