We have disabled the affected features, revoked all credentials associated with this vendor, and attemped to revoke all customer credentials associated with this vendor.
Additionally, we have reached out via email to the subset of customers potentially affected by this incident. We are continuing to monitor the vendor's security published security bulletin for updates:
https://composio.dev/blog/composio-may-2026-security-incident
We are continuing to review internally to ensure the integrity of our systems, but no indicators of compromise have been discovered and we currently have no reason to believe any compromise has taken place.
No components marked as affected
Identified
We have disabled the affected features, revoked all credentials associated with this vendor, and attemped to revoke all customer credentials associated with this vendor.
Additionally, we have reached out via email to the subset of customers potentially affected by this incident. We are continuing to monitor the vendor's security published security bulletin for updates:
https://composio.dev/blog/composio-may-2026-security-incident
We are continuing to review internally to ensure the integrity of our systems, but no indicators of compromise have been discovered and we currently have no reason to believe any compromise has taken place.
Investigating
We were notified of a security incident involving our integrations provider, Composio, in which user credentials may have been accessed for third-party integrations in our Slack Agent and Workflows product. As a precaution, we are proactively rotating all affected customer credentials and will reach out directly to every impacted customer shortly.
Note: GitHub and GitLab integrations were never exposed to Composio. These are handled in-house and remain secure.
