Indian AI chatbot startup WotNot misconfigured a Google Cloud Storage bucket so it was readable by anyone on the internet. Cybernews researchers discovered the open bucket during routine OSINT work, and the company took two months to secure it after being notified.
About 346,000 files were exposed, including passports, national IDs, detailed medical records, and resumes belonging to businesses' end customers.
Cloud storage policy changes must be followed by an explicit public-access verification step, and vendor disclosure reports should trigger immediate remediation.
Guardion enforces policy on every agent action inline — with visibility, tamper-evident evidence, and DLP for agents and MCPs.
Request a demo