A core promise of the product was that each business's data would stay private.
The most serious finding broke that promise. The walls around the in-product AI agent weren't secure. A malicious user could trick the AI into executing code that slipped through the boundaries and stole the platform's entire vault of secret keys — the master credentials that unlock every connected business's data at once.
One clever hacker could have walked out with the keys to everyone's data — the kind of thing that becomes a headline and a permanent loss of trust.