When you use the knowledge base assistant, then the exposed api key can be used to retrieve all information regarding the authors e.g. curl --request GET " https://apihub.document360.io/v2/teams " --header "api_token: OBBt3Wo9S/fCC3ioJTusteo558ZVbkSNwHU2wb7p95oLG7olxF2OhSkOLk0Ra1ZxSxJeQCegEVtrcC/I8byhTJUqu4EQf0rl8zPOzufIFt6ngqeFTfi9aHLj0b/YIW145z+Vkqvt0LnrmVCFQ7PSFg==" Response will return the user_id, first_name, last_name, email_id, profile_logo_url, last_login, portal_role etc. of all users in document360 We seen this as a heavy security breach, which needs to be fixed