Recently, developers noClaps, InsidiousFiddler and RollViral discovered several security vulnerabilities in our services and reached out to us.
First, let us say that we are extremely grateful that these individuals reported the issues to us. While we acknowledged some of the issues they identified, we regret that we left them unresolved for too long. This was very unprofessional on our part, and the fact that these vulnerabilities existed is entirely our fault, so we take full responsibility for these oversights.
Issues Identified
The reports highlighted several technical gaps. In summary:
- Copilot guest rate-limit bypass: Copilot was intended to block guest messages after a limit of 10 messages/day, but this was not properly enforced server-side. In practice, by simply removing the disabled attribute in the browser's DevTools inspector, guest messages could still go through since the /api/chat endpoint did not enforce the rate-limit. In other words, the server was tracking guest messages but was not enforcing the "block", so users could call the API without any authentication or rate limiting.
- "playground" API key: In Platform, the playground feature used a hard-coded Bearer token (playground) for authentication to https://api.secton.org/v1/chat/completions. As reported, this token had no usage limits and was publicly accessible. Anyone could use this to call that specific API endpoint at will.
- Unauthenticated "ai-compute" endpoint: The individuals who disclosed those vulnerabilities discovered that one of our subdomains, ai-compute.secton.org, did not require any authentication, unlike our intended design. By contrast, speech-compute.secton.org correctly required authentication and returned an HTTP 401 Unauthorized showing the intended behavior. This misconfiguration meant external users could essentially access part of our backend without credentials.
These issues exposed missing checks that conflicted with our expectation of "no shortcuts" in security.
Our Response
One of our developers was contacted via Discord by the individual who discovered the first issue on June 23, 2025. A group chat was created including all three individuals reporting the vulnerabilities, one Secton developer, and one QA team member.
We were able to reproduce all the reported issues and prioritized patches for them. By the next day (June 24, 2025), all identified issues had been resolved and deployed to production. Importantly, there is no evidence that any of these vulnerabilities were abused in the wild; these issues were only exposed through the individuals' responsible testing.
One of the individuals who reported these issues shared their perspective on our team:
I truly don't know if their code was AI-generated or if their developers are juniors who are still learning, though I don't believe I have the true right to judge that. However, I do hope that at least they took this with a stride and learn from it.
Admittedly, we do use AI-assisted development tools internally (as many teams do); however, all production code is carefully reviewed by multiple engineers.
Once again, we take full responsibility for leaving these issues unresolved initially and sincerely regret that they existed at all. We appreciate the responsible disclosure and the time the individuals took to work with us directly.
Improvements Made
- Authentication enforcement: All impacted endpoints now enforce proper authentication on the server side. The Copilot chat endpoint now tracks guest limits per IP; the previous bypass is eliminated. The ai-compute.secton.org subdomain now rejects unauthenticated requests. In short, there are no longer any public endpoints offering unauthenticated AI access.
- Revoked "playground" API key: The generic playground token has been disabled. Going forward, every API request (even in the playground) must be authenticated using an API key tied to an organization. The playground requires users to enter a valid API key. This pretty much guarantees that credit expenses and rate limits apply correctly.
- Responsible disclosure: We welcome reports from security researchers. Our Security page even encourages responsible disclosures via HackerOne. We are looking for ways to further encourage and reward such reports (while we currently do not offer monetary bounties). In this case, the individuals contacted us through Discord, but we have since started directing all interested parties to our formal disclosure channel.
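The difference between tracking a guest limit and enforcing it, as an added example that is not Secton's code: a small in-memory model of a guest chat handler before and after the fix. The handler names, the request shape ({ ip }), the 429 response and the retryAfter field are assumptions made for illustration; only the 10 messages/day limit and the per-IP tracking come from this post.

```javascript
const GUEST_DAILY_LIMIT = 10; // the limit stated in the post

// Counter keyed by "<ip>|<UTC date>", so each client's count resets daily.
function makeCounter() {
  const counts = new Map();
  const key = (ip, now) => `${ip}|${now.toISOString().slice(0, 10)}`;
  return {
    get: (ip, now) => counts.get(key(ip, now)) || 0,
    bump: (ip, now) => {
      const n = (counts.get(key(ip, now)) || 0) + 1;
      counts.set(key(ip, now), n);
      return n;
    },
  };
}

// Before: the server counts guest messages but never refuses one; the only
// "block" is the disabled attribute the page sets once `used` reaches the limit.
function makeTrackingOnlyHandler() {
  const counter = makeCounter();
  return (req, now) => ({ status: 200, used: counter.bump(req.ip, now) });
}

// After: the server decides before doing any work. req.ip must come from the
// connection or a trusted proxy, never from a client-supplied header.
function makeEnforcingHandler() {
  const counter = makeCounter();
  return (req, now) => {
    if (counter.get(req.ip, now) >= GUEST_DAILY_LIMIT) {
      const midnight = Date.UTC(now.getUTCFullYear(), now.getUTCMonth(), now.getUTCDate() + 1);
      return { status: 429, retryAfter: Math.ceil((midnight - now.getTime()) / 1000) };
    }
    return { status: 200, used: counter.bump(req.ip, now) };
  };
}

// Send n guest requests directly to a handler, with no UI in between.
function replay(handler, ip, n, now) {
  return Array.from({ length: n }, () => handler({ ip }, now).status);
}

// Constructed sample input: 12 requests from one documentation-range address.
const day = new Date('2025-06-24T23:59:00Z');
console.log(replay(makeTrackingOnlyHandler(), '203.0.113.7', 12, day).join(' '));
console.log(replay(makeEnforcingHandler(), '203.0.113.7', 12, day).join(' '));
```

A real deployment would keep the counters in a shared store so the limit holds across server instances and restarts.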
We want to thank the community for their vigilance. If you have questions about any of the issues mentioned above (or if you spot something we missed) please reach out on Discord or via email. Your trust is paramount, and we're doubling down on keeping your data (as well as our services) safe.
— The Secton Team