Incident · curated 27 Jun 2026
First reported 22 Jun 2026
Single-source incident — first reported, latest, and curated coincide.
Researchers at Zafran Security disclosed four vulnerabilities, collectively codenamed DifyTap, in the open-source agentic workflow platform Dify that could allow unauthenticated attackers to stealthily read AI conversations from other customers' applications across tenants.
Why it matters
Cross-tenant exposure of AI chats in a widely used agentic workflow platform could leak sensitive data from any organization relying on Dify.