This AI Tool Might Be Leaking Your Slack Messages & More

We’re at a point where we can’t trust any of the AI technologies that we use in our daily lives (the same goes for the companies developing the technology). An AI service called Struct Chat can expose user data and Slack messages easily.

Struct Chat is an AI tool for Slack users. It’s one of the tools that can comb through your Slack messages, organize the messages, summarize threads, generate actual newsletters, and overall make life easier. This sounds like a useful tool for people who are inundated by Slack messages on a daily basis. For just $29.99/month, this service can make Slack less of a hassle to use.

However, the AI tool Struct Chat has a massive data security issue

The research team at Cybernews discovered a pretty large oversight on the company’s side that has put the privacy of its users at risk. At the time of writing this, this issue has not been resolved yet. We’re not sure when the company will address it.

Struct Chat uses what’s called an Apache Kafka Broker to move messages between services. The Kafka Broker moves a ton of data to and fro which makes it a prime target for people looking to steal that data. The thing is that this Kafka Broker is completely unprotected. Being an unprotected central hub for managing information, it’s a prime target for hackers.

The amount of data that the Broker Kafka broker leaks is pretty scary. According to the report, it moves data like tokens, I.D.s, email addresses, conversations (between other users and the AI), timestamps, internal team names, event data and type, links to pipelines, internal URLs, and CD/CI (Continuous Integration and Continuous Deployment) statuses.

If this unprotected Kafka Broker falls into the wrong hands, the data and private chats from Struct Chat users could be in jeopardy. This is ironic because the company claims that its ChatGPT-powered service has a privacy-first mentality. It’s a bit tough to believe that now, as cybersecurity isn’t the company’s priority.