2025-12-22

Pen Test Partners found flaws in Eurostar's AI chatbot, including weak validation and HTML injection

Eurostar says customer data was never at risk; vulnerabilities have since been mitigated

Palo Alto warns rapid AI adoption expands cloud attack surfaces via misconfigurations and non‑human identities

Eurostar's recently-introduced AI-powered customer support chatbot was marred with cybersecurity vulnerabilities that opened the doors to a multitude of potential risks, experts have warned.

Researchers at Pen Test Partners discovered the chatbot properly validated only the most recent messages in a conversation, meaning older messages could be altered to contain a malicious prompt. That prompt could be virtually anything, from revealing system information, to (possibly) exfiltrating sensitive customer data.

Luckily, Eurostar did not connect its customer information database with the chatbot, so at the time of discovery, there was no direct risk of data leakage happening.

"Customers were never at risk"

The experts found other weaknesses in the system as well, including conversation and message IDs that weren't properly verified, and an HTML injection flaw that enables running JavaScript directly in the chat window.
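A minimal model of the two validation failures described above (checking only the latest turn, and placing unescaped message text in the chat window), with the defensive version beside each. This is an added Python example, not code from Pen Test Partners or Eurostar; the in-memory session store, session and conversation ids, and messages are all constructed for the demonstration.

```python
import copy
import html

# Constructed in-memory store for the example. A real service would keep the
# transcript in a database keyed by the authenticated session, never trust a
# client-supplied copy, and never look a conversation up by its id alone.
SESSIONS = {}


def start_conversation(session_id, conversation_id):
    SESSIONS[(session_id, conversation_id)] = []


def append_turn(session_id, conversation_id, role, content):
    SESSIONS[(session_id, conversation_id)].append({"role": role, "content": content})


def weak_validate(session_id, conversation_id, client_history):
    """Models the reported flaw: only the most recent message is compared with
    the server's record, so every earlier turn can be rewritten unnoticed."""
    stored = SESSIONS.get((session_id, conversation_id))
    if stored is None or not client_history:
        return False
    return client_history[-1] == stored[-1]


def full_validate(session_id, conversation_id, client_history):
    """Mitigation: the conversation id must belong to this session, and the
    client's transcript must match the server's copy turn for turn."""
    stored = SESSIONS.get((session_id, conversation_id))
    return stored is not None and client_history == stored


def render_message(content):
    """Mitigation for the HTML injection: escape before inserting a message
    into the chat window so any markup is displayed as text, not executed."""
    return html.escape(content, quote=True)


def demo():
    """Constructed conversation; reports which checks accept a tampered copy."""
    start_conversation("sess-A", "conv-1")
    append_turn("sess-A", "conv-1", "user", "When is the next train to Paris?")
    append_turn("sess-A", "conv-1", "assistant", "Departures run hourly.")
    append_turn("sess-A", "conv-1", "user", "Thanks.")
    genuine = copy.deepcopy(SESSIONS[("sess-A", "conv-1")])
    tampered = copy.deepcopy(genuine)
    tampered[0]["content"] = "[earlier turn rewritten by the client]"
    return {
        "weak_accepts_tampered": weak_validate("sess-A", "conv-1", tampered),
        "full_accepts_tampered": full_validate("sess-A", "conv-1", tampered),
        "full_accepts_genuine": full_validate("sess-A", "conv-1", genuine),
        "other_session_rejected": not full_validate("sess-B", "conv-1", genuine),
        "escaped": render_message("<script>alert(1)</script>"),
    }
```

The weak check passes the tampered transcript because its last turn is untouched; the full check rejects it, rejects a conversation id presented from a different session, and the renderer neutralises the injected tag.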

Pen Test Partners seem to be the first to have discovered these vulnerabilities: “No attempt was made to access other users’ conversations or personal data”, the researchers explained. “But the same design weaknesses could become far more serious as chatbot functionality expands”.

Eurostar emphasized customer data was never at risk, telling City AM: “The chatbot did not have access to other systems and more importantly no sensitive customer data was at risk. All data is protected by a customer login.”

Many businesses are rushing to deploy AI tools. However, as Palo Alto warns, rapid enterprise adoption is significantly expanding cloud attack surfaces through misconfigurations and non-human identities, putting businesses at more risk than ever before.

