Summary
LogicLeak identified an authorization-bypass class affecting an AI customer support platform that reuses conversation context across sessions. Under specific conditions, identity and entitlement state established in one context could be carried into a different context, allowing actions to be authorised against the wrong account boundary.
This advisory is published in PENDING status. Vendor remediation is in progress and the coordinated-disclosure window has not closed. In keeping with LogicLeak's disclosure policy, technical detail, reproduction steps, and exploit material are withheld until a fix has deployed. This page documents the timeline and a high-level description of the vulnerability class only.
Vulnerability Class
The finding belongs to the prompt-layer authorization class: systems that encode session identity or entitlement in conversational context rather than enforcing it in a stateful, server-side authorization layer. Where that context is reused or insufficiently scoped between conversations, the trust boundary between distinct users or sessions can blur. Full technical details will be added to this advisory once the disclosure window closes.
Impact
Pending coordinated disclosure, impact is described at a high level only: the class can permit actions or information access scoped to the wrong account or session. A detailed impact assessment, affected versions, and remediation guidance will be published when the vendor's fix has deployed.
Disclosure Timeline
Remediation
Vendor remediation is in progress. Detailed remediation guidance is withheld until the fix has deployed and the disclosure window closes. As a general control for this class, operators should enforce session identity and entitlement in a stateful server-side authorization layer rather than in conversational context, and should scope any reused context strictly to a single authenticated principal.