On May 23, we received a security bulletin from one of our third-party vendors used for a small subset of Beta integrations, Composio, about a security incident affecting their systems. Composio's initial communication indicated that Hatz was not affected. Late on May 23, Composio recommended that all users rotate their API keys and reset all connected accounts. Out of an abundance of caution, the Hatz team disabled Composio integrations from the platform and ran programmatic key revocations for every account connected through the Hatz system, where possible. Hatz AI will strive to provide feature parity with the previously beta integrations offered through Composio.

Hatz AI is conducting a forensic analysis of its systems and Composio audit logs. The investigation is ongoing. Currently Hatz AI has seen no indication of compromise of the Hatz Platform, however, we are continuing our analysis on the third-party platform and may contact users directly out of abundance of caution if we believe that they may be at an increased risk.

Beginning today, we are releasing new versions of many integrations and will provide partners with instructions on how to reconnect their workflows and agents with the newer, often better versions of these integrations.

Refer to the table below for each tool that we believe was affected and the recommended migration path and action. Out of an abundance of caution, we recommend revoking any API keys that were used with the integrations listed below and revoking any OAuth access for Composio. We would also note from their Security Incident page that Composio has stated that the leaked connections represent only 0.3% of the total active connections.