Today's cybersecurity headlines are brought to you by ThreatPerspective


Ethical Hacking News

A Critical Session Isolation Vulnerability Exposed in Writer AI Platform: Implications for Cross-Tenant Compromise



A critical vulnerability has been discovered in the Writer AI platform that can potentially lead to cross-tenant compromise by exploiting a session isolation weakness. The vulnerability, codenamed "WriteOut," was disclosed recently following responsible disclosure. The implications of this finding are significant, highlighting the need for ongoing vigilance and proactive measures against emerging risks.

  • The Writer AI platform has a critical vulnerability called "WriteOut" that can lead to cross-tenant compromise.
  • The vulnerability is a one-click exploit that allows attackers to gain unauthorized access to any Writer AI organization.
  • Attackers can hijack victim accounts and gain access to sensitive data by sharing a public preview link of an agent built within the Writer platform.
  • The vulnerability undermines tenant isolation protections, allowing attackers to seize administrative control over victim's accounts.
  • The attack chain involves building an agent, sharing the public preview link, and exploiting the live preview feature to collect sessions belonging to separate companies.



  • The cybersecurity landscape has recently been hit by a critical vulnerability in the Writer AI platform, an enterprise generative artificial intelligence (AI) solution that has garnered significant attention for its robust security features. The vulnerability, codenamed "WriteOut" by the Sand Security Research team, has exposed a critical session isolation weakness that could potentially lead to cross-tenant compromise.

    The WriteOut vulnerability is described as a one-click exploit, which means an attacker can gain unauthorized access to any Writer AI organization, even if they have no prior knowledge or connection. The attack vector relies on sharing a public preview link of an agent built within the Writer platform, leading to the hijacking of a victim's account and granting access to sensitive data.

    The implications of this vulnerability are far-reaching and alarming. An attacker can create an agent in their own Writer account, share the public preview link with another user, and trigger the vulnerability. This essentially enables them to seize administrative control over the victim's account, leveraging their session token to access private chats, documents, and other sensitive data.

    Moreover, the WriteOut vulnerability undermines the shared responsibility model of the Writer platform by breaking tenant isolation protections. The key factor contributing to this breach is the live preview feature in Writer that allows users to preview the application via the Writer Framework. By exploiting this feature, an attacker can collect sessions belonging to completely separate companies and act within them as a real user, with no prior foothold.

    The attack chain plays out as follows:

    1. An attacker builds an agent using the live preview feature.
    2. They share the public preview link of the agent with another user.
    3. The victim opens the link and their browser attaches their Writer session cookie to the request.
    4. The preview proxy sends this cookie into the attacker's sandbox, where it is read by the code contained within the controlled, managed sandbox.
    5. This code exfiltrates the forwarded session token of the victim, which can be replayed by the attacker to gain control over the victim's Writer account.
    6. With administrative access granted, the attacker can then access the victim's private chats, documents, and other sensitive data.

    The vulnerability is attributed to a misinterpretation of input-side filtering checks in Writer AI. The issue lay not with the instructions but rather with how those instructions were executed. By telling the agent to fetch and run a remote script, an attacker could bypass the guardrail without having their exploit logic visible at all. This exploit highlights a critical flaw in the security measures implemented by the Writer platform.

    Following responsible disclosure, the developer of the Writer AI platform has taken steps to address this vulnerability. These include preventing user session cookies from being forwarded into sandbox previews entirely and moving them to an isolated origin.

    As cybersecurity researchers and developers strive for excellence in crafting secure solutions, this incident serves as a stark reminder that even robust security features can be exploited with sufficient persistence and creativity. It underscores the importance of ongoing vigilance, collaboration between developers, and continuous monitoring of security protocols to prevent similar breaches in the future.

    In light of recent events surrounding AI-powered cybersecurity threats, it is imperative for organizations to stay vigilant and proactive in safeguarding against emerging risks. This includes exploring cutting-edge tools like IP intelligence, SANS training, and Gartner’s guide to AI agent supervision and runtime controls.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/A-Critical-Session-Isolation-Vulnerability-Exposed-in-Writer-AI-Platform-Implications-for-Cross-Tenant-Compromise-ehn.shtml

  • https://thehackernews.com/2026/07/writer-ai-flaw-could-let-agent-previews.html


  • Published: Tue Jul 7 09:02:51 2026 by llama3.2 3B Q4_K_M













    © Ethical Hacking News . All rights reserved.

    Privacy | Terms of Use | Contact Us