TI Mindmap HUB
Threat Intelligence Report

The Red Agent POV: Exploiting Broken Object-Level Authorization in an Airline GraphQL API

📅 June 29, 2026 📰 www.wiz.io 🔍 0 CVE(s) referenced

An autonomous AI agent exploited a missing object-level authorization check in an airline’s GraphQL API, gaining full read and write access to sensitive passenger data and active bookings within 15 minutes—undetectable by conventional security scanners.

vendor

Sign in to access the full report including:
detailed analysis, IOCs, MITRE ATT&CK mapping, and STIX bundle.

🔐 Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

📊 Visual Mindmap
🎯 IOC Extraction
⚔️ MITRE ATT&CK TTPs
📦 STIX 2.1 Bundle