Reverse engineering a $1B Legal AI tool exposed 100k+ confidential files
8 days ago
- #LegalTech
- #DataPrivacy
- #Cybersecurity
- Discovered a major security vulnerability in Filevine, a billion-dollar legal AI tool, exposing over 100k confidential files.
- Found an unsecured subdomain (margolis.filevine.com) leading to unauthorized access to sensitive data via an exposed Box API token.
- Responsibly disclosed the issue to Filevine, who promptly addressed the vulnerability and maintained professional communication.
- Highlighted the risks of rushing into AI adoption without proper data security measures, especially for sensitive legal documents.