Notion AI: Unpatched data exfiltration
kept by eddie
Notion AI allowed data exfiltration via indirect prompt injection in March 2025, where edits were saved before user approval, enabling attackers to steal sensitive document contents.