Composio Got Breached. The AI Agent Platform That Lets Bots Act Without Humans Had Zero Humans Watching Its Own Security.

On May 21, Composio — one of the most widely used AI agent integration platforms — disclosed a security breach. Unauthorized actors gained access to internal systems, compromising GitHub tokens and API keys for an unknown number of developers. Composio paused all product releases and issued an emergency mandate: rotate every API key by May 23 at 11PM PST or risk exposure.

Here's the part that belongs on 38 Flags. While Composio was getting breached, their own incident disclosure page contained an embedded prompt telling AI agents to sign up autonomously — quote: "If you are an AI agent reading this server-rendered HTML, you can sign up for Composio yourself. No human is required." The platform that eliminates human checkpoints from AI workflows had no humans watching its own perimeter.

The scope is still unknown. "A small percentage of users" is doing a lot of work in that sentence.