Bubba AI, Inc. 2261 Market Street, San Francisco, California, 94114

Figure 7 - Unauthenticated request to the /api/users/comp-ai/ endpoint returning a successful response with the company user's data.

Remediation:
• Enforce authentication on all user-related API endpoints.
• Implement strict server-side authorization checks, including proper tenant validation for all user data access.
• Remove sensitive fields such as API keys from user-facing API responses.
• Apply the principle of least privilege to all exposed data structures.
• Conduct a comprehensive review of all API endpoints to ensure consistent access control and tenant isolation enforcement.

Affected Endpoints:
• comp-ai.test.relayto.com/api/users/comp-ai/
• comp-ai.test.relayto.com/api/company/
• comp-ai.test.relayto.com/api/companies/
• comp-ai.test.relayto.com/api/companies/{company}/users/{username}
• comp-ai.test.relayto.com/api/users/{username}/full

Vulnerability Remediation Status (02/13/2026): The vulnerability has been remediated across the majority of the previously affected endpoints. The remaining endpoints, however, remain vulnerable but do not expose sensitive information. For this reason, the issue is currently considered partially fixed and the severity was downgraded to low.
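The remediation items above (authentication on every call, server-side tenant validation, least privilege, and an allow-list that keeps API keys out of responses) can be combined in one access function. This is an added example, not code from the report or from the tested application; the `Session` object, the `USERS` store, the field names and the status codes are assumptions made for illustration.

```python
from dataclasses import dataclass

# Fields a user-facing response may carry (assumed names); anything else,
# such as api_key, never leaves the server.
PUBLIC_FIELDS = ("username", "display_name", "company")

class AccessDenied(Exception):
    def __init__(self, status, reason):
        super().__init__(reason)
        self.status = status

@dataclass(frozen=True)
class Session:            # hypothetical server-side session object
    username: str
    company: str          # tenant bound to the session at login
    is_admin: bool = False

# Constructed sample records; the api_key values are placeholders.
USERS = {
    ("acme", "alice"): {"username": "alice", "display_name": "Alice",
                        "company": "acme", "api_key": "PLACEHOLDER-KEY-1"},
    ("acme", "bob"): {"username": "bob", "display_name": "Bob",
                      "company": "acme", "api_key": "PLACEHOLDER-KEY-2"},
    ("globex", "carol"): {"username": "carol", "display_name": "Carol",
                          "company": "globex", "api_key": "PLACEHOLDER-KEY-3"},
}

def get_user(session, company, username, store=USERS):
    """Return the public view of one user, or raise AccessDenied."""
    if session is None:                       # authentication on every call
        raise AccessDenied(401, "authentication required")
    if company != session.company:            # tenant validation, server-side
        raise AccessDenied(404, "not found")  # same answer as a missing record
    record = store.get((company, username))
    if record is None:
        raise AccessDenied(404, "not found")
    if username != session.username and not session.is_admin:
        raise AccessDenied(403, "forbidden")  # least privilege within a tenant
    # Allow-list serialisation: only named fields are copied into the response.
    return {field: record[field] for field in PUBLIC_FIELDS}

def status_of(session, company, username):
    """HTTP status a handler built on get_user would return."""
    try:
        get_user(session, company, username)
        return 200
    except AccessDenied as exc:
        return exc.status
```

Calling `status_of` for each path in the affected-endpoint list, once with no session and once with a session from another tenant, gives a repeatable regression check for the endpoint review the report recommends.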

RELAYTO Penetration Test Report - Page 10