Downstream Data: Investigating AI Data Leaks in Flowise | UpGuard

Misconfigured self-hosted Flowise instances frequently permit unauthenticated access, exposing editable chatflows, prompts, credentials, API keys, and document stores; researchers found 156 internet-accessible instances (91 with multiple chatflows) and highlight a notable supply-chain risk among small AI vendors, recommending enabling authentication and avoiding hard-coded secrets.