What happened
PraisonAI's default configuration (versions before 1.7.3) exposes agent instructions/system prompts and allows invoking agents with no authentication whatsoever, due to an all-interfaces bind with wildcard CORS and no API key enforcement.
Why it matters
Any internet-facing default PraisonAI deployment leaks proprietary system prompts and permits unauthenticated invocation of potentially privileged agent actions — a classic insecure-default exposure pattern for agent frameworks with meaningful blast radius across default installs.
Attack vector
PraisonAI binds to all network interfaces by default with no API key requirement and wildcard CORS. Unauthenticated attackers can call GET /api/agents to read agent instructions and system prompts, or POST /api/chat to invoke agents without authentication.
Affected systems
PraisonAI before 1.7.3
Mitigation
Upgrade to PraisonAI 1.7.3 or later; explicitly configure authentication and restrict CORS/bind address before any deployment.