2025-09
Data Leakage
Vyro AI (ImagineArt, Chatly, Chatbotx)

Vyro AI left an Elasticsearch server streaming prompts and auth tokens from its apps

What happened

Cybernews researchers found an unprotected Elasticsearch instance run by Vyro AI leaking user logs in real time from its consumer generative-AI apps. The server had been indexed by IoT search engines months earlier, widening the exposure window.

Impact

About 116GB of live logs were exposed, including user AI prompts and bearer authentication tokens that could enable account hijacking across apps with 150M+ downloads.

How this could have been prevented

Search-index datastores need authentication and continuous external exposure monitoring, and session tokens should never be written to plaintext logs.

Sources

More data leakage incidents

Would runtime governance have caught this?

Guardion enforces policy on every agent action inline — with visibility, tamper-evident evidence, and DLP for agents and MCPs.

Request a demo