DifyTap: Four vulnerabilities in Dify AI platform expose cross-tenant chat data
Tags AI · OSS · Enterprise
The Hacker News

Four vulnerabilities, collectively named DifyTap, in the open-source Dify agentic workflow platform (146,000+ GitHub stars) allow attackers to read private AI conversations across tenants without authentication. Beyond chats, the flaws could expose files across Dify tenants. Three of the four flaws are fixed in Dify version 1.14.2; one may remain unpatched. The flaws were discovered by Zafran Security and reported June 22, 2026.
Technical significance
DifyTap highlights the security challenges of multi-tenant AI platforms where customer data isolation is critical. The fact that one vulnerability remains unpatched underscores the risk of using open-source AI workflow platforms for sensitive enterprise deployments without additional isolation controls.