Beyond Introspection: The Apollo Federation Attack Surface Hidden in Plain Sight
An exposed Apollo Federation subgraph can leak its full schema and internal graph behavior through federation helper fields, such as _service { sdl }, even when standard GraphQL introspection is disabled. This is easy to miss because it sits outside common GraphQL attack patterns, is enabled by default, and is only briefly documented, so most testers never think to look for it. The result is a collapsed trust boundary: an attacker who can reach the subgraph directly can enumerate its schema, mimic the router, and access internal entity data. Sybil uncovered this by systematically exploring framework-level behavior rather than relying on known vulnerabilities or assumptions about what should be “internal.”
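As an added illustration of the defender's side of this (example code written for this page, not code from the original post, from Sybil, or from Apollo), the gate below is the kind of subgraph-side check that closes the gap the paragraph describes: any operation that references the federation helper fields _service or _entities is refused unless the request carries a shared secret that only the router is configured to forward. The header name x-router-secret and the secret value are assumptions chosen for the example; string literals and comments are stripped before matching so that an argument such as name: "_service" does not trip the check. This is a compensating control for the case where a subgraph is reachable at all, not a substitute for keeping subgraphs off the public network.

```javascript
// Added example: subgraph-side gate for Apollo Federation helper fields.
// Assumptions (not from the original post or from Apollo's code):
//  - the router forwards a shared secret in the "x-router-secret" header;
//  - the secret below is a constructed placeholder for demonstration only.
const ROUTER_SECRET_HEADER = "x-router-secret";
const FEDERATION_FIELDS = new Set(["_service", "_entities"]);

// Blank out string literals and comments so a helper-field name that only
// appears inside a string argument or a comment is not counted.
function stripStringsAndComments(query) {
  let out = "";
  let i = 0;
  while (i < query.length) {
    const ch = query[i];
    if (ch === "#") {                           // comment runs to end of line
      while (i < query.length && query[i] !== "\n") i++;
    } else if (query.startsWith('"""', i)) {    // block string
      i += 3;
      while (i < query.length && !query.startsWith('"""', i)) i++;
      i += 3;
      out += " ";
    } else if (ch === '"') {                    // ordinary string with escapes
      i++;
      while (i < query.length && query[i] !== '"') {
        if (query[i] === "\\") i++;
        i++;
      }
      i++;
      out += " ";
    } else {
      out += ch;
      i++;
    }
  }
  return out;
}

// Federation helper fields referenced in the document (whole names only,
// outside strings and comments), in first-seen order without duplicates.
function federationFieldsIn(query) {
  const cleaned = stripStringsAndComments(query);
  const names = cleaned.match(/[_A-Za-z][_0-9A-Za-z]*/g) || [];
  return [...new Set(names.filter((n) => FEDERATION_FIELDS.has(n)))];
}

// Length-check then constant-time compare so the secret cannot be
// recovered byte by byte from response timing.
function secretMatches(presented, expected) {
  if (typeof presented !== "string" || presented.length !== expected.length) {
    return false;
  }
  let diff = 0;
  for (let i = 0; i < expected.length; i++) {
    diff |= presented.charCodeAt(i) ^ expected.charCodeAt(i);
  }
  return diff === 0;
}

// Decide whether a request may proceed. Ordinary operations pass; any use
// of _service/_entities must be authenticated as coming from the router.
function gateFederationRequest({ query, headers = {} }, expectedSecret) {
  const fields = federationFieldsIn(query);
  if (fields.length === 0) {
    return { allow: true, reason: "no federation helper fields", fields };
  }
  const lower = Object.fromEntries(
    Object.entries(headers).map(([k, v]) => [k.toLowerCase(), v])
  );
  if (secretMatches(lower[ROUTER_SECRET_HEADER], expectedSecret)) {
    return { allow: true, reason: "router-authenticated", fields };
  }
  return {
    allow: false,
    reason: `field(s) ${fields.join(", ")} require the router secret`,
    fields,
  };
}

// Constructed sample requests: one direct schema pull, one legitimate
// router call, one ordinary query that merely mentions the field in a string.
const DEMO_SECRET = "placeholder-router-secret";
function runDemo() {
  return [
    gateFederationRequest({ query: "{ _service { sdl } }", headers: {} }, DEMO_SECRET),
    gateFederationRequest(
      { query: "query($r:[_Any!]!){ _entities(representations:$r){ ... on User { id } } }",
        headers: { "X-Router-Secret": DEMO_SECRET } },
      DEMO_SECRET),
    gateFederationRequest({ query: '{ user(name: "_service") { id } }' }, DEMO_SECRET),
  ];
}

for (const r of runDemo()) console.log(r.allow ? "ALLOW" : "DENY ", r.reason);
```

In a real deployment the same decision would run in a server plugin or middleware before execution, and every denial is worth logging, since a request for _service { sdl } that does not come from the router is exactly the direct-to-subgraph access the paragraph warns about.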