DifyTap Flaws in Open‑Source Dify Platform Could Expose Cross‑Tenant AI Chats
What Happened — Researchers from Zafran Security disclosed four unauthenticated vulnerabilities in Dify, an open‑source agentic workflow platform (≈146 k GitHub stars). The flaws, dubbed DifyTap, allow a malicious actor to read AI conversation data from other tenants without any authentication.
Why It Matters for Compliance & Audit Readiness
- The scenario maps directly to SOC 2 CC6.1 (Logical Access Controls) and CC6.2 (System Operations) – controls designed to prevent unauthorized cross‑tenant data access.
- Continuous evidence of tenant‑isolation testing and remediation is required to demonstrate due diligence during a SOC 2 audit.
- Verisq’s Control Mapping capability can automatically map these findings to the relevant SOC 2 controls and provide audit‑ready evidence of remediation.
Who Is Affected – SaaS providers delivering AI‑driven workflow or chatbot services, cloud‑native developers integrating Dify, and any organization that has deployed Dify in a multi‑tenant environment.
Recommended Actions
- Conduct an immediate code review and apply the patches released by the Dify maintainers.
- Map the identified gaps to SOC 2 CC6.1/CC6.2 controls and capture remediation evidence in your continuous‑compliance platform.
- Implement automated tenant‑isolation testing in CI/CD pipelines to detect regressions.
- Update your security policies to require third‑party component vetting and regular vulnerability scanning.
Source: The Hacker News – DifyTap Flaws
Technical Notes – The four vulnerabilities stem from insecure API endpoints and improper object‑level access checks, enabling an attacker to enumerate and read chat session IDs across tenants. No CVE IDs have been assigned yet; the issue is classified as a vulnerability exploit that could lead to data exfiltration of AI conversation content.