zafran.io

DifyTap: Zafran discovers how attackers can silently wiretap AI data across tenants on a platform powering 1M+ apps (opens in new tab)

Covered by 4 sources See all sources covering this story including SecurityWeek, The Hacker News

Zafran Security uncovered four vulnerabilities in Dify, the open-source AI platform powering over one million applications and used by enterprises including Volvo, Maersk, Panasonic, and Thermo Fisher. Two were critical severity, two required no authentication, and three carried cross-tenant impact on Dify's multi-tenant cloud service, allowing one customer's data to be exposed to another.

Read the original article
Sign in to keep reading the full article.
Sign UpLog In

Covered in 4 articles

SecurityWeek·

Data Exposure Flaws Threaten Dify AI Platform Used by 1 Million Apps

Feeds
The Hacker News·

Researchers Detail DifyTap Flaws in Dify That Could Expose AI Chats Across Tenants

Feeds
Security Affairs·

DifyTap: Four Bugs Put over 1 million AI Apps at Risk

Feeds
View all 4 ›

Keyboard Shortcuts

Navigation

Next / previous post
j/k
Open post
oorEnter
Preview post
v

Post Actions

Love post
a
Like post
l
Dislike post
d
Undo reaction
u
Save / unsave
s

Recommendations

Add interest / feed
Enter
Not interested
x

Go to

Home
gh
Interests
gi
Feeds
gf
Likes
gl
History
gy
Changelog
gc
Settings
gs
Discover
gb
Search
/

General

Show this help
?
Submit feedback
!
Close modal / unfocus
Esc

Press ? anytime to show this help