Cybersecurity experts have uncovered a critical vulnerability in Writer, a generative artificial intelligence platform used by enterprises, that has now been patched. This session isolation flaw, named WriteOut by Sand Security Research, could lead to cross-tenant account compromises. With just a simple link, an attacker could take control of any Writer AI account, accessing sensitive data such as private chats, documents, and large language model credentials. The severity of the issue is heightened by the fact that attackers do not need to be part of the same organization as their victims. By creating an agent in their own account and sharing a preview link, attackers could hijack a victim's account if the victim clicks the link while logged into their session. This exploit was made possible due to Writer's live preview feature, which inadvertently allowed attackers to collect session tokens from different companies and act as legitimate users. Sand Security noted that the flaw undermined the shared responsibility model by breaking tenant isolation protections. Writer has responded by ensuring that session cookies are no longer forwarded to sandbox previews and have moved them to an isolated origin. Despite having guardrails in place, attackers were able to bypass them by instructing malicious agents to fetch and run remote scripts, evading detection. This incident underscores the importance of robust session isolation and vigilant security practices within AI platforms.