RELAYTO Penetration Test Report

Bubba AI, Inc. 2261 Market Street, San Francisco, California, 94114 Engagement Information Overview Date : February 19, 2026 Target :  comp-ai.test.relayto.com Client : Relayto Assessment : Web Application Penetration Test - GrayBox Total Findings : 3 Critical : 0 High : 0 Medium : 0 Low : 0 Informational : 3 Overall Security Posture The security assessment identified one critical-severity finding, one low-severity finding, and three informational findings. While most components of the environment appear well-configured, the presence of a critical vulnerability required immediate attention. The previously identified critical finding involves unauthenticated API endpoints that expose sensitive user data, including personally identifiable information (PII) and administrative account details, and allow cross-tenant access. This issue could enable attackers to retrieve sensitive information without authentication, increasing the risk of data leakage, targeted attacks, and potential regulatory or reputational impact. The issue has been remediated, with corrective measures applied to the affected components . The low-severity finding has been fully remediated . While t he informational findings do not pose immediate risk but provide recommendations to further strengthen the overall security posture. Overall, the organization ’ s security posture has significantly improved following the remediation of the critical finding with only informational findings remaining.