DifyTap Flaws Let Attackers Read AI Chats Across Tenants
🟠 High | Source: The Hacker News
Four vulnerabilities collectively dubbed DifyTap have been found in Dify, a widely used open-source AI workflow platform. They allow attackers to read AI conversations belonging to other tenants without needing to log in. Discovered by Zafran Security, the flaws represent a serious multi-tenancy isolation failure in a platform used to build and deploy AI agents. This matters because AI conversations often contain sensitive business data, proprietary prompts, and potentially personal information. ...