Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Critical Flaw in AI Platform Writer Poses Security Risks

Critical Flaw in AI Platform Writer Poses Security Risks

Posted on July 7, 2026 By CWS

Cybersecurity experts have revealed a significant security flaw in the Writer AI platform, a widely used enterprise generative artificial intelligence tool. This vulnerability, which has since been resolved, posed a serious threat by potentially allowing unauthorized access across different tenant accounts.

Details of the WriteOut Vulnerability

The vulnerability, identified as WriteOut by Sand Security Research, was a one-click flaw that could enable an attacker to gain access to any Writer AI organization through a simple link. This breach could have led to unauthorized access to sensitive information such as private conversations, documents, and large language model credentials.

Attackers could exploit this flaw to take over administrative roles without needing to belong to the same organization as the victim. By creating a malicious agent within their own Writer account and sharing a preview link, attackers could hijack a victim’s session upon clicking the link, provided the victim was logged into their account.

Implications for Tenant Isolation and Security

The vulnerability compromised the shared responsibility model by bypassing tenant isolation protections. This was achieved by exploiting Writer’s live preview feature, which allowed users to see application previews through the Writer Framework. As a result, an attacker could act as a legitimate user within different organizations.

The attack sequence involved an attacker creating an agent with a public preview link. When a Writer user opened this link while logged in, their session cookie was inadvertently sent to the attacker’s environment, allowing the attacker to replay the session and gain control over the account.

Resolution and Preventive Measures

Following responsible disclosure, Writer addressed the security issue by ensuring session cookies are not forwarded into sandbox previews and relocating them to an isolated origin. This prevents unauthorized access to session tokens during previews.

Despite the presence of security measures, such as input-side filtering to block malicious code, the vulnerability persisted due to a focus on instructions rather than runtime behavior. Attackers circumvented these measures by directing agents to execute remote scripts, avoiding detection by the existing safeguards.

In summary, the WriteOut vulnerability highlighted critical security challenges in AI platforms, emphasizing the need for robust protection mechanisms to prevent future breaches. As AI technologies continue to evolve, enterprises must remain vigilant in securing their systems against potential threats.

The Hacker News Tags:AI platform, AI security, cyber threat, Cybersecurity, data breach, enterprise AI, Sand Security, session isolation, session tokens, tenant security, Vulnerability

Post navigation

Previous Post: MCP Servers Found with Thousands of Security Flaws
Next Post: County Pays $1 Million to Prevent Data Leak, Reports Show

Related Posts

Managing Shadow AI Tools Efficiently in the Workplace Managing Shadow AI Tools Efficiently in the Workplace The Hacker News
The Case for Dynamic AI-SaaS Security as Copilots Scale The Case for Dynamic AI-SaaS Security as Copilots Scale The Hacker News
AI Agents and Identity Risks in Modern Enterprises AI Agents and Identity Risks in Modern Enterprises The Hacker News
Hackers Use Facebook Ads to Spread JSCEAL Malware via Fake Cryptocurrency Trading Apps Hackers Use Facebook Ads to Spread JSCEAL Malware via Fake Cryptocurrency Trading Apps The Hacker News
Malicious Rust Crate Delivers OS-Specific Malware to Web3 Developer Systems Malicious Rust Crate Delivers OS-Specific Malware to Web3 Developer Systems The Hacker News
New RCEs, Darknet Busts, Kernel Bugs & 25+ More Stories New RCEs, Darknet Busts, Kernel Bugs & 25+ More Stories The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • RedWing Malware Offers Banking Fraud via Telegram
  • Enhancing AI SOC SLA: Transitioning from 2019 to 2026 Standards
  • County Pays $1 Million to Prevent Data Leak, Reports Show
  • Critical Flaw in AI Platform Writer Poses Security Risks
  • MCP Servers Found with Thousands of Security Flaws

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • RedWing Malware Offers Banking Fraud via Telegram
  • Enhancing AI SOC SLA: Transitioning from 2019 to 2026 Standards
  • County Pays $1 Million to Prevent Data Leak, Reports Show
  • Critical Flaw in AI Platform Writer Poses Security Risks
  • MCP Servers Found with Thousands of Security Flaws

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark