
Security researcher Alex Schapiro disclosed a critical API vulnerability in Filevine on December 2-3, exposing a problem that should terrify anyone using enterprise AI tools. The billion-dollar legal case management platform—used by 1,500+ law firms—had an AWS API Gateway endpoint that required zero authentication. Send a simple JSON payload, get back full admin credentials to Box file storage. The result: approximately 100,000+ confidential legal files exposed, including attorney-client privileged communications, HIPAA-protected health records, court documents, and internal law firm memos.
The Vulnerability Was Embarrassingly Simple
Filevine’s AWS API Gateway had an endpoint at `/recommend` that required no authentication. Schapiro discovered that sending a JSON payload with a project name returned “a maximum access fully scoped admin token” for Box, Filevine’s internal file storage system. Searching for “confidential” returned nearly 100,000 results.
This is a textbook failure of zero-trust architecture. Modern security assumes “never trust, always verify” for every API request. According to Wiz, misconfigured APIs make up two-thirds of cloud breaches. Broken API authentication happens when an API doesn’t properly verify who’s making a request, and Filevine’s vulnerability exemplifies it: a billion-dollar company with a wide-open endpoint in production.
The exposed files included attorney-client privileged communications, HIPAA-protected health information, court-ordered documents revealing litigation strategy, and internal firm payroll and memos. Margolis Law Firm was explicitly named as having files exposed.
HIPAA and Attorney-Client Privilege Don’t Mix With Data Breaches
The regulatory implications are severe. HIPAA fines range from hundreds to tens of thousands of dollars per violation. Additionally, attorney-client privilege breaches lead to trust breakdowns, potential malpractice claims, and loss of competitive advantage when litigation strategy leaks.
When law firms work with protected health information, they become “business associates” under HIPAA, requiring strict data protection. According to Clio, “HIPAA violations and data security breaches can have devastating financial and regulatory effects on law firms and often result in breakdown of the attorney-client relationship.” A single breach cascades into regulatory violations, client lawsuits, and competitive intelligence leaks.
Responsible Disclosure Worked, But 25 Days Is Still 25 Days
Alex Schapiro discovered the vulnerability on October 27, 2025, and immediately reported it to Filevine. The company acknowledged the issue on November 4 and confirmed the fix by November 21—a 25-day turnaround. Schapiro published his disclosure on December 2-3 after verifying the patch.
Industry standards for responsible disclosure run 60-90 days. Filevine’s 25-day response is faster than average and demonstrates serious commitment. Schapiro praised their handling: “The Filevine team was responsive and professional. They acknowledged the severity, worked to remediate the issues, allowed responsible disclosure, and maintained clear communication.”
However, 25 days is still 25 days with 100,000+ confidential files potentially exposed. This highlights the importance of continuous security testing—vulnerabilities should be found internally before researchers discover them externally.
AWS API Gateway Misconfiguration Is an Epidemic
The Filevine breach was caused by a simple AWS API Gateway misconfiguration: the endpoint had no authentication requirement. This is one of the most common cloud security failures in 2025.
Zero-trust architecture requires that each API request be authenticated, authorized, and continuously verified, regardless of origin. AWS API Gateway can enforce this, but only when it is explicitly configured to. Developers need to audit their endpoints now: enable authentication for every endpoint, implement OAuth 2.1 or JWT for user authentication (not just API keys), enable AWS WAF for additional protection, turn on CloudWatch logging, and regularly review IAM policies.
Wiz’s warning should be taken seriously: misconfigured APIs represent two-thirds of cloud breaches.
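One way to run the endpoint audit described above, as an added example that is not from the original article or from Filevine: the function reads a REST API export produced by `aws apigateway get-resources --rest-api-id <id> --embed methods` and flags methods that have no authorizer. The sample export is constructed; apart from `/recommend`, its paths, verbs and IDs are hypothetical.

```python
import json

# Constructed sample shaped like the output of
#   aws apigateway get-resources --rest-api-id <id> --embed methods
# Only /recommend comes from the article; verbs, IDs and other paths are hypothetical.
SAMPLE_EXPORT = json.loads("""
{"items": [
  {"path": "/"},
  {"path": "/recommend", "resourceMethods": {
     "POST":    {"authorizationType": "NONE", "apiKeyRequired": false},
     "OPTIONS": {"authorizationType": "NONE", "apiKeyRequired": false}}},
  {"path": "/projects", "resourceMethods": {
     "GET":  {"authorizationType": "COGNITO_USER_POOLS", "authorizerId": "abc123"},
     "POST": {"authorizationType": "NONE", "apiKeyRequired": true}}},
  {"path": "/search", "resourceMethods": {"GET": {}}}
]}
""")


def audit_methods(export, skip_preflight=True):
    """Return sorted (severity, path, verb, reason) tuples for weak methods."""
    findings = []
    for resource in export.get("items", []):
        path = resource.get("path", "?")
        for verb, method in (resource.get("resourceMethods") or {}).items():
            if not method:
                # Without --embed methods the API returns empty method objects.
                findings.append(("UNKNOWN", path, verb,
                                 "no method details; export with --embed methods"))
                continue
            if method.get("authorizationType", "NONE") != "NONE":
                continue  # AWS_IAM, CUSTOM or COGNITO_USER_POOLS is enforced
            if verb == "OPTIONS" and skip_preflight:
                continue  # CORS preflight requests never carry credentials
            if method.get("apiKeyRequired"):
                findings.append(("MEDIUM", path, verb,
                                 "API key only; a key identifies a client, not a user"))
            else:
                findings.append(("HIGH", path, verb,
                                 "no authorizer and no API key"))
    return sorted(findings)


if __name__ == "__main__":
    for severity, path, verb, reason in audit_methods(SAMPLE_EXPORT):
        print(f"{severity:8}{verb:8}{path:12}{reason}")
```

Run it against every stage's export in CI so that a new method deployed with `authorizationType` set to `NONE` fails the build instead of reaching production.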
The AI Security Gap: Features Over Fundamentals
Here’s the irony: Filevine raised $400 million in September 2025, achieved 130% year-over-year AI revenue growth, serves 150,000+ legal professionals, and boasts SOC 2 and SOC 3 compliance certifications. Yet they had a zero-authentication API endpoint in production.
The company announced SOC 2 compliance in December 2024, just weeks before this vulnerability was discovered. Nevertheless, compliance certifications didn’t prevent the breach because checkboxes don’t equal actual security. SOC 2 audits focus on policies and procedures; they don’t catch zero-authentication API endpoints.
The broader pattern is clear: AI companies race to add features while security engineering lags. This raises a critical question: should legal AI tools handling attorney-client privilege and HIPAA data face mandatory security audits before deployment?
For developers and law firms evaluating vendors: vet based on actual security practices, not compliance badges. Ask about penetration testing frequency, bug bounty programs, and incident response capabilities. The gap between “AI-powered” marketing and actual security engineering is dangerous.
Key Takeaways
- Audit AWS API Gateway endpoints immediately: Verify every endpoint enforces authentication—zero-auth misconfigurations are common and catastrophic.
- Zero-trust is non-negotiable: Authenticate and authorize every API request, regardless of origin.
- Compliance certifications don’t prevent breaches: SOC 2/SOC 3 are baseline—continuous testing matters more than checkboxes.
- Responsible disclosure works when done right: Filevine’s 25-day fix demonstrates how companies should handle vulnerability reports.
- “AI-powered” doesn’t mean “secure”: Vet enterprise AI vendors on actual security practices, not marketing claims.










