July 15, 2026
Writer AI preview flaw leaked session tokens across tenants via sandbox
Writer patched WriteOut after Sand Security found that sandbox previews could forward session cookies into attacker-controlled environments, enabling cross-tenant session token leakage.
Why this matters
This demonstrates that agent tool features like previews can inadvertently expose session credentials across trust boundaries, making strict tool-use policies and capability restrictions essential for preventing session hijacking in multi-tenant AI agent deployments.
Sources