The Bottom Line: A critical vulnerability in Writer AI enabled unauthorized access to session tokens across tenant boundaries, could be triggered via a one-click exploit, and has since been patched.
Researchers at Sand Security Research have disclosed a critical session isolation vulnerability in Writer, an enterprise AI platform. The flaw, termed “WriteOut,” enabled unauthorized access and cross-tenant compromise.
The Sand Security Research team has disclosed details of a critical session isolation vulnerability in Writer that has already been remediated. The flaw — internally named “WriteOut” — would have allowed an attacker to access and take over Writer AI instances of other tenants from outside the system.
The vulnerability was classified as a one-click exploit. Researchers point out that an outsider without prior access could have compromised any Writer AI implementation — a classic cross-tenant risk in multi-tenant architectures. Session tokens were exposed across tenant boundaries.
For CISOs, this vulnerability underscores the criticality of strict session management and isolation in enterprise AI platforms. Particularly in multi-tenant environments, missing or insufficient segmentation presents a maximum risk. Writer has already remediated the flaw; users should confirm that the current version is deployed.
Source: thehackernews.com · Published 7 July 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrase and classification via Lumi News Pipeline v1.7.3.