Skip to content

Writer AI: Critical Vulnerability Enabled Session Token Theft Across Tenants

The Bottom Line: A critical vulnerability in Writer AI enabled unauthorized access to session tokens across tenant boundaries, could be triggered via a one-click exploit, and has since been patched.

Researchers at Sand Security Research have disclosed a critical session isolation vulnerability in Writer, an enterprise AI platform. The flaw, termed “WriteOut,” enabled unauthorized access and cross-tenant compromise.

The Sand Security Research team has disclosed details of a critical session isolation vulnerability in Writer that has already been remediated. The flaw — internally named “WriteOut” — would have allowed an attacker to access and take over Writer AI instances of other tenants from outside the system.

The vulnerability was classified as a one-click exploit. Researchers point out that an outsider without prior access could have compromised any Writer AI implementation — a classic cross-tenant risk in multi-tenant architectures. Session tokens were exposed across tenant boundaries.

For CISOs, this vulnerability underscores the criticality of strict session management and isolation in enterprise AI platforms. Particularly in multi-tenant environments, missing or insufficient segmentation presents a maximum risk. Writer has already remediated the flaw; users should confirm that the current version is deployed.


Source: thehackernews.com · Published 7 July 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrase and classification via Lumi News Pipeline v1.7.3.

Share on: