A severe zero-authorization vulnerability in Schemata’s API, an AI-powered virtual training platform holding active Department of Defense (DoD) contracts, recently exposed highly sensitive military training materials and U.S. service member records. Discovered by the open-source AI hacking agent Strix, the flaw allowed ordinary, low-privileged accounts to access cross-tenant data across the entire platform. The vulnerability […]
The post Zero-Auth Flaw Exposes DoD Contractor to Cross-Tenant Data Access appeared first on Cyber Security News.