Dify's tenant isolation is a joke.

Four vulnerabilities in Dify. "DifyTap." Sounds like a catchy name for a security conference talk, not something that should be happening to a platform with 146k stars. The core flaw is a tenant isolation failure. That's the kind of basic architectural mistake you'd expect from a weekend project, not a production AI workflow tool. The researchers showed you can just read other people's AI chats without any authentication. No fancy exploit chain needed. Just a broken permission model. If your platform is handling conversations that might contain API keys, internal business logic, or customer PII, and you can't even separate tenants properly, you've built a shared Google Doc, not a secure application. What bothers me is the response time. These were reported in December and January. It's June. That's half a year to fix "read anyone's data" bugs. For an open-source project with this many users, that lag is unacceptable. If you're building on Dify right now, you need to audit your tenant isolation yourself. Don't trust the upstream fix timeline. And maybe think twice before letting it touch any sensitive data.