Writer AI “WriteOut” Vulnerability: Agent Preview Session Token Leak Could Enable Cross-Tenant Account Takeover

Writer AI “WriteOut” Vulnerability: Agent Preview Session Token Leak Could Enable Cross-Tenant Account Takeover

TTP Advisory: WriteOut (Writer AI) | No CVE | Severity: Critical (Cross-Tenant Compromise) | Vendor: Writer | Product: Writer Enterprise AI Platform | Discovered by: Sand Security Research | Status: Patched server-side


What Is the Vulnerability

Sand Security Research discovered a critical session isolation vulnerability in Writer’s enterprise AI platform, dubbed ‘WriteOut’. The flaw existed in Writer’s agent preview feature, where sandbox previews could forward session cookies into attacker-controlled agents. An attacker with no prior access could take over any Writer AI organization via a malicious link. From a compromised account, an attacker could access private chats, documents, agent configurations, private models, connectors, and LLM credentials. Depending on the victim’s role, the attacker could also seize administrative control.


Versions Affected

  • Writer Enterprise AI Platform — server-side, patched by Writer

Exploited?

No confirmed exploitation in the wild. Writer and Sand Security both state there is no evidence the vulnerability was ever exploited. Writer patched the issue server-side after responsible disclosure.


Fix

Writer patched the vulnerability server-side. No customer action required.

  • No action required: Writer applied the fix to all tenants.

Recommendations

  • Review AI platform access: This vulnerability highlights the importance of session isolation in multi-tenant AI platforms.
  • Audit agent configurations: Review Writer AI agent configurations for sensitive data exposure.
  • Broader lesson: AI agent platforms introduce new attack surfaces — session isolation, cross-tenant boundaries, and agent-to-agent trust models should be reviewed.

References


Part of the Vulnerability Intelligence series on threat-modeling.com. July 8, 2026 Report.

Connect with me

Enter your Email address if you want to connect and receive threat modeling updates (I won’t spam you or share your contact details).

AND / OR

Try my threat modeling tool, it's completely free to use.

Thanks for signing up!