My guess is that Adafruit tried flux.ai, noticed a server misconfiguration, contacted flux about it, and then received a cease and desist to prevent them disclosing the vulnerability publicly.

(AFAICT they haven't published anything yet? If they have it's been taken down).

There's a definite bit of Streisand effect here because I for one am very much looking forward to finding out what the deal is.