[German]It was a security incident waiting to happen; the only question was how soon it would occur. The AI provider localmind.ai has currently shut down all services. A "readily avoidable security vulnerability" could have allowed third parties to extract sensitive customer data. A reader informed me by email after receiving notifications to this effect.
Who is localmind.ai?
localmind.ai is an AI start-up from Austria (Tyrol) that was founded by Ivan Dukic and Jerimias Fuchs on February 15, 2024, and is based in Innsbruck (Austria). The AI start-up advertises that customers can evaluate their "own data with their own AI application." This is intended to increase a company's productivity, e.g., by optimizing standard workflows, and to provide optimal support for existing employee resources.
The AI solution is 100% GDPR-compliant and comes with personal German-language support from the manufacturer, according to the website. And in this German article, localmind.ai advertises its supposedly secure, locally hosted AI solution.
Security incident at localmind.ai
On October 5, 2025, localmind.ai published a report, the original of which I have in my possession (see screenshot).
The company reports that a security incident was detected yesterday, Sunday, October 5, 2025, at 5:43 a.m. As a precautionary measure and for further investigation, all affected systems, including internal platforms such as server services, have been temporarily taken offline.
This is followed by the usual statement that comprehensive immediate measures to contain and analyze the incident were initiated without delay. The company is currently working with the highest priority to determine which systems and data may be affected and to initiate initial measures. The investigation is ongoing, and further updates will be published throughout the day as soon as verified information is available.
A reader's note with inside information
I received the above notification by localmind.ai from a reader who sent me further insights (thank you for that). The reader informed me that his company, which is not a customer of localmind.ai but had previously held discussions with them, had received alarming information by email.
A "prospective customer" encounters a major security breach
Seven months ago, the "source" (a prospective customer who wanted to check out the solution) noticed a video on LinkedIn that contained a link to Localmind's public team.localmind.io instance. The person thought it was a public demo and registered to check out the features.
To the person's surprise, there was no email confirmation or any kind of verification. According to the redacted incident report I have, the person was immediately logged in and discovered that this account had the role of admin. There were hundreds of other accounts in this system, mainly Localmind customers, it says. According to the statement, the person was then able to access their accounts.
The source wrote that the system is a modification of OpenWebUI developed specifically "for Vibe" (I interpret this as "an application developed with Vibe Coding"). This led the source to assume that it was the localmind.io demo system that the company provides to potential customers.
However, since the person was already an administrator via their test account, they could read all chats from all other users and view their uploaded files (more details can be found in part 2). Using the automation (essentially n8n, an open source automation tool) and capabilities functions, it was possible to access many API keys (OpenAI, Elevenlabs, blackforestlabs, Google) from Localmind itself, it is said.
This information was allegedly often stored in plain text (or could be decrypted with on board tools easyly) and could be viewed by anyone who had created an account, according to the statement. Via crt.sh, the source found additional subdomains where they could register as an administrator without further confirmation.
The person who discovered the security vulnerability warns users
If I have understood correctly from the fragmentary information in the redacted incident report, the source was able to move laterally throughout the entire Localmind IT cosmos via the initial test account, due to its administrator privileges, and also access customer accounts and their supposedly "controlled" data.
According to my interpretation, this person had access to the crown jewels. This ranges from customer lists, lists of who has not yet paid, chats, to access to WordPress instances, root server access, invoices, email, and more. With the supposed test account, the discoverer was able to access everything that somehow belongs to Localmind. Using jump hosts, they were also able to access customer systems—and there are some well-known names among them.
The person who discovered this incredible botch job, if indeed it is true, then sent an email with information to various customers and potential prospects (he presumably obtained the addresses via their email system, as he was also a Microsoft 365 administrator with the test account, which had administrator rights). The email states that the recipient is being warned because they are an active or potential customer of Localmind. The manufacturer promised a local and secure AI system, but behind the facade lurks a security disaster. Here is the forwarded email from the blog reader, which I have anonymized, that was sent to their company today:
diese Email stammt nicht von Localmind; sie ist eine Warnung an alle Kunden, die ihr Vertrauen und ihre Daten in die Hände dieses Unternehmens gegeben haben.
Ich kontaktiere Sie, da Sie potentieller oder aktiver Kunde von Localmind sind oder waren. Localmind hat Ihnen ein angeblich lokales und sicheres KI-System versprochen, doch wie Sie in dieser E-Mail erfahren werden, ist Localmind alles andere als sicher.
Localmind haben ihre komplette Infrastruktur mit KI generiert (Vibe Coding) und somit eine Vielzahl an leicht zu vermeidenden Sicherheitslücken geschaffen, die Localminds Systeme für Angreifer zu einer offenen Tür machen. Localmind verstehen ihren eigenen Code nicht, daher ist es ihnen nicht möglich, solche offensichtlichen Lücken zu erkennen und zu beheben.
Durch diese grobe Fahrlässigkeit sind nun auch die Daten und System aller ihrer Kunden gefährdet, darunter potentiell auch Ihre.
Ich haben eine Anleitung angehängt, wie jeder an diese Daten gelangen kann, um zu verdeutlichen, wie einfach es war. Diese Lücke ist seit mindestens 7 Monaten offen und es ist davon auszugehen, dass schon jemand vor mir Zugriff auf diese Daten hatte.
Seien Sie Gewiss, dass auch Ihre Daten bei Localmind nicht sicher sein werden.
Dies ist weder eine Erpressung noch möchte ich in irgendeiner Weise Schaden anrichten. Ich werde diese Lücken dem CCC und diversen News-Portalen melden und alle Betroffenen Kunden selbst informieren. Ergreifen Sie bitte entsprechende Maßnahmen und sichern Sie Ihre Systeme ab.
Ich möchte noch einmal betonen, wie leicht es war, durch die schlechte Sicherheit von Localmind auf Ihre Systeme oder Dateien zuzugreifen, bitte nehmen Sie diese Warnung ernst.
The German text is a strong warning, that localmind.ai security is a mess and broken by design. If I understand correctly, the source has send all recipients a redacted "incident report" with some details. I have now received confirmation from several recipients of this "warning." And the fact that the security problems have been going on for at least seven months doesn't make it any better.
In my opinion, the whole thing is a complete disaster, concocted from the ingredients that lurk in trendy AI start-ups and are putting our lives at risk: big plans to stay ahead in the race for the future of AI. Then the whole thing is somehow cobbled together with vibe coding and unleashed on customers who have no idea about it and want to do something with AI. And the developers of these solutions often don't know what they're doing either. At this point, we can only hope that customers had only uploaded test data to their AI instances and that no third party had access to these instances.
I recently revealed the dramas that can unfold with vibe coding in my blog post Vibe Coding Fail: Drama in Brazil, dating app for lesbians exposes data. The above case shows once again what a Pandora's box has just been opened. I have received further details anonymously from the person who discovered the serious security vulnerability. I plan to uncover that in further articles.
Articles:
When vibe coding goes bad: Security incident involving AI provider localmind.ai – Part 1
Addendum: AI disaster at Localmind GmbH and Morgendigital GmbH – Part 2
localmind.ai: AI security incident, it's not over yet – Part 3
Vibe Coding Fail: Drama in Brazil, dating app for lesbians exposes data
