Researchers Detail DifyTap Flaws in Dify That Could Expose AI Chats Across Tenants
AI summary
Researchers at Zafran Security have identified four vulnerabilities, collectively referred to as DifyTap, in Dify, an open-source workflow platform with over 146,000 stars on GitHub. The flaws could be exploited without authentication to secretly read AI conversations from other customers' applications, putting the confidentiality of AI conversations across tenants at risk.
This is an AI-generated brief aggregated by HackerFeeds for convenience and grounded in the source’s own summary; the related CVE, threat-group and country data is from HackerFeeds’ own indexes. The original article is the authoritative source — all rights belong to The Hacker News.

