An AI-powered autonomous security agent discovered that Schemata, an Andreessen Horowitz-backed Department of Defense contractor, had virtually no authorization layer on its API, exposing U.S. service member records, military base assignments, and classified training materials to any authenticated user across tenants for over 150 days.
Security researchers at Strix, developers of an open-source autonomous AI hacking agent, uncovered a critical multi-tenant authorization vulnerability in Schemata’s platform on December 2, 2025.
Schemata is an AI-powered virtual training platform serving the U.S. military and defense sector, offering immersive 3D simulations for naval personnel, Army grenadiers, Air Force operators, and defense contractors.
The company holds active Department of Defense contracts and manages highly sensitive operational training data backed by millions in government funding.
Strix used Schemata as a benchmark for its latest AI hacking agent, which has surpassed 24,000 GitHub stars and runs thousands of security scans daily. What the researchers found was not a sophisticated exploit; it was a foundational authorization failure that required nothing more than a standard, low-privilege user account.
DoD Contractor Schemata Exposed
The attack surface was discovered through a straightforward process. Strix established a low-privilege baseline, mapped the reachable API surface from normal browser traffic and client-side route references, then replayed the highest-value collection endpoints using that same ordinary session. The results were catastrophic.
The API returned data across the entire platform with zero organizational scoping, no tenant isolation, and no permission checks to prevent a low-privilege user from accessing other tenants’ records.
OWASP API Security classifies this kind of flaw as Broken Object-Level Authorization (BOLA), consistently ranked among the highest-impact API vulnerabilities in 2026.
Using only their unprivileged test account, researchers were able to access:
- The entire user base – a user listing endpoint returned full names, email addresses, enrollment data, and the specific U.S. military bases where service members were stationed
- Hundreds of sensitive training manuals – course and organization listing endpoints exposed metadata and direct AWS S3 links to confidential military operations modules, including Army field manuals on explosive ordnance arming sequences and tactical deployment
- Write-enabled routes – the absence of authorization checks meant a malicious actor could potentially modify or delete courses entirely using standard HTTP update or delete requests
- 3D virtual training courses for naval maintenance personnel, featuring documentation explicitly marked confidential and proprietary
The exposure was not merely theoretical. Active U.S. service members’ names, emails, military base locations, and training course enrollments were all queryable: enough information for targeted spear-phishing campaigns, identity mapping, or operational security (OPSEC) attacks against military personnel.
A deeply troubling disclosure timeline matched the vulnerability’s severity. On December 2, 2025, Strix made first contact with Schemata. The CEO’s initial response was: “I would love to hear what the vulnerability is, but I assume you want to get paid for it. Is that the play?” This was an immediate sign of skepticism toward good-faith security research.
Strix clarified that no compensation was expected and requested the appropriate channel to submit the technical details. Over the following weeks, from December 8 to December 29, 2025, multiple follow-up emails were sent to additional team members, warning that the vulnerability was critical and actively exploitable.
No response channel was provided. On January 27, 2026, Strix independently verified that the vulnerability was still live. It was not until May 1, 2026, after Strix notified Schemata of its intention to publish, that the company responded, acknowledged the exposed endpoints, and committed to immediate remediation. Strix verified the fix before publishing on May 3, 2026, 152 days after initial disclosure.
The regulatory consequences of this exposure may extend far beyond a patch. Under DFARS 252.204-7012, any DoD contractor handling Controlled Unclassified Information (CUI) is legally required to report cyber incidents to the Department of Defense within 72 hours of discovery via the DIBNet portal.
A reportable incident includes any unauthorized access to systems storing CUI, precisely what this exposure represents. DFARS compliance mandates that contractors implement all 110 security controls outlined in NIST SP 800-171, which explicitly requires robust access control mechanisms for systems processing defense information.
Non-compliance can trigger withheld contract payments, contract termination, and permanent debarment from federal contracting. Schemata’s platform, which operated without meaningful API authorization for at least 5 months while under active DoD contracts, constitutes a textbook violation of these foundational security obligations.
The Cybersecurity Maturity Model Certification (CMMC) framework, now phasing into all DoD solicitations through 2026, further requires that contractors demonstrate verifiable, auditable access control practices. A platform serving military training data with zero API authorization would fail even the most basic CMMC Level 1 requirements.
This incident is a sector-wide warning. Any organization holding DoD contracts must treat API authorization as a non-negotiable security baseline, not an afterthought. Continuous, automated authorization testing, especially against multi-tenant environments, must be standard practice before adversaries conduct it independently.
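The missing tenant scoping described earlier and the automated authorization testing called for here can be shown together in a small model. This is an added example, not code from Schemata or Strix; the session fields, tenant ids, table contents and function names are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Session:
    user_id: str
    tenant_id: str
    role: str  # "member" or "admin" (hypothetical roles)

# Constructed sample data: two tenants sharing one backing store.
USERS = [
    {"id": "u1", "tenant_id": "t-alpha", "email": "a@alpha.example"},
    {"id": "u2", "tenant_id": "t-alpha", "email": "b@alpha.example"},
    {"id": "u3", "tenant_id": "t-bravo", "email": "c@bravo.example"},
]
COURSES = [
    {"id": "c1", "tenant_id": "t-alpha", "title": "Alpha onboarding"},
    {"id": "c2", "tenant_id": "t-bravo", "title": "Bravo maintenance"},
]

def list_unscoped(table, session):
    # The failure mode: the caller is authenticated, but rows are never filtered.
    return list(table)

def list_scoped(table, session):
    # Object-level check: the tenant comes from the server-side session, not the request.
    return [row for row in table if row["tenant_id"] == session.tenant_id]

def delete_scoped(table, session, row_id):
    # Look the row up inside the caller's tenant only, so "missing" and
    # "belongs to another tenant" produce the same answer.
    row = next((r for r in list_scoped(table, session) if r["id"] == row_id), None)
    if row is None:
        return False
    if session.role != "admin":
        raise PermissionError("admin role required")
    table.remove(row)
    return True

def endpoints(handler):
    # Collection endpoints under test, each bound to one listing implementation.
    return {"users": lambda s: handler(USERS, s), "courses": lambda s: handler(COURSES, s)}

def isolation_violations(endpoint_map, sessions):
    # CI check: every row returned to a session must belong to that session's tenant.
    leaks = []
    for name, call in endpoint_map.items():
        for s in sessions:
            leaks += [(name, s.user_id, r["id"]) for r in call(s) if r["tenant_id"] != s.tenant_id]
    return leaks
```

Run against one low-privilege session per tenant on every build, a non-empty result from `isolation_violations` fails the pipeline before an unscoped endpoint ships.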
Schemata customers and partners in the defense space should formally request from Schemata: what data was accessible, for how long, whether access logs were reviewed for suspicious activity, and whether affected service members and stakeholders were notified.
Organizations building software for government customers must also establish open, credible vulnerability disclosure channels. Ignoring a security researcher is not a neutral act; it is a decision that leaves users exposed for months.
FAQ
Q1: What is a multi-tenant authorization vulnerability?
It is a flaw in which an authenticated user from one tenant can access another tenant’s data due to missing or improperly enforced API permission checks.
Q2: What data was exposed in the Schemata breach?
U.S. service member names, emails, military base locations, course enrollments, and confidential military training manuals with direct AWS S3 document links were all accessible.
Q3: What are DFARS 252.204-7012 requirements for DoD contractors?
DFARS mandates DoD contractors handling CUI implement NIST SP 800-171 controls and report any cyber incidents within 72 hours of discovery through the DIBNet portal.
Q4: How was the Schemata vulnerability discovered?
Strix’s open-source autonomous AI hacking agent mapped the API surface using a low-privilege account and replayed high-value endpoints, revealing zero tenant isolation without any advanced exploitation.
Site: thecybrdef.com