● HIGH↔ COMPANY DISPUTED

Researcher reports prompt-injection exploit caused customer-support assistant to disclose other users' PII

The named company has publicly disputed this characterization.

See the company response panel below.

Date of incident: August 4, 2025
Jurisdiction: US-WA
Sources: 2 cited
Last verified: March 29, 2026

Summary

A security researcher published a write-up alleging that a prompt-injection technique caused a SaaS customer-support assistant to surface portions of other users' personally identifiable information. The vendor disputes that any production PII was disclosed and states that the proof-of-concept used synthetic test data. The researcher subsequently agreed to coordinated disclosure terms.

What is reported

The researcher's August 4, 2025 write-up describes a prompt-injection technique in which a crafted user input caused the assistant to return text the researcher claims included PII.

Company response

The vendor disputes the characterization and states that the demo used synthetic data.

Sources

01
Researcher write-up — Coordinated disclosure write-up (Aug 4, 2025)
tertiary8/4/2025
02
BleepingComputer — Customer-support LLM patched after PII-disclosure claim
secondary8/9/2025