ADVERTISEMENT

Flaw at major enterprise chatbot maker leads to cookie theft

Researchers believe the flaw also made users vulnerable to account-hijacking, highlighting why users must be wary of breakneck LLM implementation.

Yellow AI cookies leak

Image by Cybernews.

Vilius Petkauskas
Vilius Petkauskas Deputy Editor
Sep 15, 2025 Updated: 28 October 2025 4 min read
Key takeaways:

What security issues were revealed?

Conversation with customer service chatbot. Image by Cybernews.
Conversation with customer service chatbot. Image by Cybernews.

“Vulnerability was limited”

ADVERTISEMENT

Easy steps to malign a chatbot

Yellow.ai chatbot vulnerability
Image by Cybernews.
  1. The chatbot falls for a malicious prompt and tries to follow instructions helpfully to generate an HTML answer. The response now contains secret instructions for executing arbitrary code, with instructions to send private data from the client browser.
  2. Malicious code enters Yellow.ai’s systems. The HTML is saved in the chatbots' conversation history. When loaded, it executes the malicious payload and sends the user’s session cookies.
  3. An attacker asks to speak to a human support agent, who then opens the chat. Their computer tries to load the conversation and runs the HTML code that the chatbot generated earlier. Once again, the malicious code is executed, and the cookie theft triggers again.
  4. An attacker-controlled server receives the request with cookies attached. The attacker might use the cookies to gain unauthorized access to Yellow.ai’s customer support systems by hijacking the agents’ active sessions.

Not the first time chatbots have issues

Gintaras Radauskas Paulina Okunyte jurgita Niamh Ancell BW
Stay informed and get our latest stories on Google News
Add us as your Preferred Source on Google.

  • Initial disclosure: August 5th, 2025
  • Partial mitigation: Before September 11th, 2025

ADVERTISEMENT