UPDATE Jan 8th: It seems our initial disclosure was triaged by the HackerOne team before it reached the Notion team. Once Notion was aware of this, they took immediate action to validate the vulnerability, and have confirmed that the remediation is now in production! Notion AI was susceptible to data exfiltration via indirect prompt injection due to a vulnerability in which AI document edits are saved before user approval.