Close Menu
    What's Hot

    U.S. Revokes Iran Oil Sanctions Waiver After Attack on Tankers

    FIFA condemns fan’s racist attack on IShowSpeed at Argentina World Cup match | World Cup 2026 News

    What to Know About Australia’s Contest With China in the Pacific After Beijing Tested a Missile

    Facebook X (Twitter) Instagram
    Trending
    • U.S. Revokes Iran Oil Sanctions Waiver After Attack on Tankers
    • FIFA condemns fan’s racist attack on IShowSpeed at Argentina World Cup match | World Cup 2026 News
    • What to Know About Australia’s Contest With China in the Pacific After Beijing Tested a Missile
    • Trump’s arrival in Turkey for NATO summit adds drama and spectacle
    • Germans Don’t Love Budweiser. It Won’t Take No for an Answer.
    • Wimbledon: Novak Djokovic ekes out epic fifth-set tiebreak win over Felix Auger-Aliassime to set up Jannik Sinner semi-final | Tennis News
    • Can AI fill prescriptions? Here’s what doctors think of Utah’s refill program
    • Haley Stevens Goes on Attack Against Abdul El-Sayed at Michigan Senate Debate
    interluknewsinterluknews
    • Home
    • Business
      • Corporate News
      • Industry Insights
      • Startups & Entrepreneurship
      • Technology & Innovation
    • Economy
      • Economic Policy
      • Financial Analysis
      • Inflation & Interest Rates
      • Trade & Markets
    • Global
      • Conflicts & Security
      • Diplomacy
      • Global Trends
      • International Affairs
    • Lifestyle
      • Fashion
      • Food & Dining
      • Personal Development
      • Travel
    • Opinion
      • Columns
      • Editorials
      • Expert Opinions
      • Reader Voices
    • More
      • Politics
        • Elections
        • Government & Policy
        • International Relations
        • Political Analysis
      • Sports
        • Cricket
        • Football / Soccer
        • International Sports
        • Local Sports
      • Technology
        • Artificial Intelligence
        • Cybersecurity
        • Gadgets & Reviews
        • Tech News
      • South Africa News
    Facebook X (Twitter) Instagram
    interluknewsinterluknews
    Cybersecurity

    Writer AI Flaw Could Let Agent Previews Leak Session Tokens Across Tenants

    adminBy adminJuly 7, 2026No Comments3 Mins Read
    Share Facebook Twitter Pinterest Copy Link Telegram LinkedIn Tumblr Email
    Writer AI Flaw Could Let Agent Previews Leak Session Tokens Across Tenants
    Share
    Facebook Twitter LinkedIn Pinterest Email

    Ravie LakshmananJul 07, 2026AI Security / Vulnerability

    Writer AI Flaw Could Let Agent Previews Leak Session Tokens Across Tenants

    Cybersecurity researchers have disclosed details of a now-patched critical session isolation vulnerability in Writer, an enterprise generative artificial intelligence (AI) platform, that could result in cross-tenant compromise.

    The one-click vulnerability has been codenamed WriteOut by the Sand Security Research team.

    “An outsider could go from having no access to taking over any Writer AI organization inside industry-leading enterprises, with nothing more than a link,” the cybersecurity company said in a report shared with The Hacker News.

    Put differently, the shortcoming could be abused to take over a victim’s Writer account, and use it to access private chats, documents, and other sensitive data related to agents, configurations, private models, connectors, and large language model (LLM) credentials.

    Even worse, it could be abused to seize administrative control depending on the victim’s role. An important aspect of the flaw is that the attacker and the victim don’t have to belong to the same organization.

    Cybersecurity

    An attacker can create an agent in their own Writer account and share a preview link. That’s all it takes to trigger the vulnerability, essentially making it possible to hijack the account of a victim who clicks on the link and is signed in with their own session.

    “An attacker can abuse Writer’s AI managed sandbox to collect sessions belonging to completely separate companies and act inside each of them as a real user, with no prior foothold anywhere,” Sand Security said.

    WriteOut also undermines the shared responsibility model as it breaks tenant isolation protections by taking advantage of Writer’s live preview feature that allows users to preview the application via the Writer Framework.

    The entire attack chain plays out as follows –

    • An attacker builds an agent with a live preview and shares its public preview link.
    • When a logged-in Writer user opens that link, their browser attaches their Writer session cookie to the request.
    • The preview proxy sends that cookie into the attacker’s sandbox.
    • The code contained within the attacker-controlled sandbox reads the forwarded session token and exfiltrates
    • it.
    • The attacker replays the token and gains control of the victim’s Writer account.

    Because an attacker can instruct their pre-built malicious agent to run code inside the controlled, managed sandbox, it makes it possible to read the sandbox process’s memory, recover the exfiltrated session token of the victim, and transmit it to a server they maintain.

    Cybersecurity

    Following responsible disclosure, Writer has addressed the issue by preventing the user’s session cookie from being forwarded into sandbox previews entirely, and moving them to an isolated origin.

    “Writer wasn’t careless, there were guardrails. Input-side filtering tried to block users from reading environment variables or submitting obviously malicious code,” Sand Security said. “The problem is what those checks looked at: the instruction, not the runtime behavior.”

    “Bypassing the guardrail was pretty straightforward: Instead of pasting the payload inline, we simply told the agent to fetch and run a remote script. The guardrail saw a benign ‘download and run’ request, and the actual exploit logic never appeared in the prompt at all.”

    agent flaw Leak Previews Session Tenants Tokens writer
    Follow on Google News Follow on Flipboard
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
    Previous ArticleMidtown Evacuations Scramble Plans for Hotel Guests
    Next Article Meta Now Lets Anyone Use Your Instagram Photos in AI Images—Unless You Opt Out
    admin
    • Website

    Related Posts

    Rogue Agent Flaw Could Have Let Attackers Hijack Google Dialogflow CX Chatbots

    July 7, 2026

    RedWing MaaS Packages Android Bank Fraud as a Telegram Rental Service

    July 7, 2026

    Court Filing Reveals Windows Device ID Helped FBI Trace Alleged Scattered Spider Hacker

    July 7, 2026
    Leave A Reply Cancel Reply

    Demo
    Latest Posts

    U.S. Revokes Iran Oil Sanctions Waiver After Attack on Tankers

    FIFA condemns fan’s racist attack on IShowSpeed at Argentina World Cup match | World Cup 2026 News

    What to Know About Australia’s Contest With China in the Pacific After Beijing Tested a Missile

    Trump’s arrival in Turkey for NATO summit adds drama and spectacle

    Latest Posts

    Subscribe to News

    Get the latest sports news from NewsSite about world, sports and politics.

    Advertisement
    Demo

    We are a digital news platform delivering timely, accurate, and insightful coverage of politics, global affairs, business, economy, sports, and more. Our mission is to keep readers informed with reliable news, clear analysis, and stories that truly matter.
    We're social. Connect with us:

    Facebook X (Twitter) Instagram Pinterest YouTube

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Type above and press Enter to search. Press Esc to cancel.

    Powered by
    ...
    ►
    Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
    None
    ►
    Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
    None
    ►
    Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
    None
    ►
    Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
    None
    ►
    Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.
    None
    Powered by