Chatbots, APIs & AI Security Risks: Lessons from a Real Breach - Qualys
An Insecure Direct Object Reference (IDOR) vulnerability in an exposed API, combined with an unpatched legacy web application and weak credential hygiene, allowed unauthorized access to sensitive applicant personal data. This composite attack vector resulted in a data leak comprising names, emails, and job histories.
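The IDOR class named above comes down to a missing per-object authorization check on a client-supplied identifier. The following is an added example, not code from the original report or the affected system; the record layout, account names, and function names are hypothetical, and the sample data is constructed.

```python
"""Object-level authorization for an applicant-record API (constructed example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Applicant:
    applicant_id: int
    owner_account: str      # account that created the application
    name: str
    email: str
    job_history: tuple


# Constructed sample data; not taken from the incident.
RECORDS = {
    1001: Applicant(1001, "acct-alice", "Alice Example", "alice@example.test", ("Cashier",)),
    1002: Applicant(1002, "acct-bob", "Bob Example", "bob@example.test", ("Cook", "Shift lead")),
}


class NotFound(Exception):
    """Raised for both missing and unauthorized records, so responses do not
    reveal which IDs exist."""


def get_applicant_insecure(session_account: str, applicant_id: int) -> Applicant:
    # IDOR: the caller is authenticated, but the client-supplied ID is the
    # only thing selecting the record. Ownership is never checked.
    record = RECORDS.get(applicant_id)
    if record is None:
        raise NotFound(applicant_id)
    return record


def get_applicant(session_account: str, applicant_id: int,
                  recruiter_scope=frozenset()) -> Applicant:
    # Hardened: authorize the (caller, object) pair on every request.
    # recruiter_scope is a hypothetical server-side set of IDs a staff
    # account may read; it must never come from the request itself.
    record = RECORDS.get(applicant_id)
    allowed = record is not None and (
        record.owner_account == session_account or applicant_id in recruiter_scope
    )
    if not allowed:
        raise NotFound(applicant_id)
    return record
```

The same check belongs on every route that accepts an object identifier, including any legacy application that fronts the same data store.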