Salesloft Drift: AI-Enabled Data Leakage

Last month, more than 700 organizations learned a hard truth: the weakest link in security is not always the platform itself. It can be a vendor integration.

Christopher Widstrom
Lead Product Manager at Riscosity

Attackers did not breach Salesforce directly. They went through a third-party integration, the AI-powered chat application Drift (acquired by Salesloft), and used stolen OAuth tokens issued to that integration to pull data out of connected Salesforce instances. Within days they had harvested credentials, Salesforce records, and customer information from hundreds of enterprises.

By the time Salesloft revoked the tokens and removed Drift from the Salesforce AppExchange, the damage had already been done. The lesson was clear: even the strongest platforms can be undermined by compromised integrations.

What happened

Between August 8 and August 18, 2025, the threat actor tracked as UNC6395 used compromised OAuth access and refresh tokens to query Salesforce instances through the Drift integration. The attackers exfiltrated:

  • Credentials: AWS keys, Snowflake tokens, passwords.
  • Salesforce records: Accounts, Opportunities, Cases, and Users.
  • Personal details: Usernames, emails, phone numbers, and support case content.

This was not a failure of Salesforce itself but a breakdown of supply-chain trust, and it shows how quickly a single compromised integration can be weaponized.

AI vendors as the new attack surface

AI-powered integrations are everywhere: chatbots in Salesforce, assistants in Gmail, ML plugins in CRMs and ticketing systems. These tools promise productivity, but they also open invisible pathways that can carry sensitive data outside your environment.

When a vendor is compromised, attackers inherit the vendor’s permissions, which are often broad and rarely reviewed. In the Drift case, that translated directly into access to high-value business and customer data.

Many security leaders underestimate this risk: AI vendors are now part of your attack surface whether you monitor them or not.

The CISO’s blind spot

Security teams are excellent at defending internal systems. But data no longer stays inside: it flows continuously to SaaS apps, APIs, and AI vendors.

The problem is threefold:

  1. OAuth refresh tokens grant persistent access: a stolen token keeps working until it is revoked, and using it never triggers an interactive login or MFA prompt.
  2. Broad permissions are requested up front to “make the product work,” so the integration can read far more than the feature actually needs.
  3. Lack of visibility into what each integration reads leaves teams unable to say what data has left, or to notice when the volume suddenly changes.

That blind spot is exactly where attackers strike.
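
The third point is the one a security team can act on fastest. A connected app has a habit: it reads the same few objects in the same small volumes, day after day. A stolen token used for bulk exfiltration breaks that habit immediately. The following is an added example (not code from the original post, and not a Riscosity product) showing the baseline-and-deviation check over a constructed, vendor-neutral API access log; the log format, app names, and the cutoff date are assumptions for illustration, not a real Salesforce event log schema.

```python
"""Added example: baseline-and-deviation detection for third-party OAuth apps.

Reads a simplified, vendor-neutral API access log (constructed for this post,
not a real Salesforce Event Log File format), learns what each connected app
normally touches, and flags reads that break that pattern: objects the app has
never read before, bulk volumes, or apps with no baseline at all.
"""
import json
from collections import defaultdict
from datetime import datetime

# Constructed sample log, one JSON object per line. "app" is the OAuth
# connected app the request was made with; "rows" is how many records it read.
SAMPLE_LOG = """\
{"ts":"2025-08-01T09:00:00Z","app":"chat-assistant","object":"Lead","op":"query","rows":12}
{"ts":"2025-08-01T10:15:00Z","app":"chat-assistant","object":"Contact","op":"query","rows":8}
{"ts":"2025-08-02T09:05:00Z","app":"chat-assistant","object":"Lead","op":"query","rows":15}
{"ts":"2025-08-03T11:00:00Z","app":"chat-assistant","object":"Contact","op":"query","rows":6}
{"ts":"2025-08-04T09:00:00Z","app":"chat-assistant","object":"Lead","op":"query","rows":10}
{"ts":"2025-08-09T02:13:00Z","app":"chat-assistant","object":"Case","op":"query","rows":48000}
{"ts":"2025-08-09T02:20:00Z","app":"chat-assistant","object":"User","op":"query","rows":3100}
{"ts":"2025-08-09T02:31:00Z","app":"chat-assistant","object":"Lead","op":"query","rows":40000}
{"ts":"2025-08-09T03:00:00Z","app":"billing-sync","object":"Account","op":"query","rows":20}
"""


def parse_log(text):
    """Parse JSON lines into event dicts with a datetime timestamp."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(event)
    return events


def build_baseline(events):
    """Per app: the objects it has read and the largest single read seen."""
    baseline = defaultdict(lambda: {"objects": set(), "max_rows": 0})
    for event in events:
        entry = baseline[event["app"]]
        entry["objects"].add(event["object"])
        entry["max_rows"] = max(entry["max_rows"], event["rows"])
    return baseline


def detect(events, cutoff_iso, volume_factor=10):
    """Compare activity on/after the cutoff against the baseline before it.

    An app is flagged when it is absent from the baseline (unknown vendor),
    reads an object it never read before, or reads more than volume_factor
    times its largest baseline read in a single request.
    """
    cutoff = datetime.strptime(cutoff_iso, "%Y-%m-%dT%H:%M:%SZ")
    baseline = build_baseline(e for e in events if e["ts"] < cutoff)
    findings = []
    for event in (e for e in events if e["ts"] >= cutoff):
        app, obj, rows = event["app"], event["object"], event["rows"]
        finding = {"ts": event["ts"].isoformat(), "app": app, "object": obj, "rows": rows}
        if app not in baseline:
            finding["reason"] = "no baseline: app not in inventory"
        elif obj not in baseline[app]["objects"]:
            finding["reason"] = f"first read of {obj} by this app"
        elif rows > volume_factor * baseline[app]["max_rows"]:
            finding["reason"] = f"{rows} rows read; baseline max is {baseline[app]['max_rows']}"
        else:
            continue
        findings.append(finding)
    return findings


def audit_sample():
    """Run the detector over the constructed log; returns the findings."""
    return detect(parse_log(SAMPLE_LOG), "2025-08-05T00:00:00Z")


if __name__ == "__main__":
    for f in audit_sample():
        print(f"{f['ts']} {f['app']:<15} {f['object']:<8} {f['reason']}")
```

On the constructed log this yields four findings: the chat app's first-ever reads of Case and User, a Lead read three orders of magnitude above its baseline, and an app with no baseline at all. A real deployment would build the baseline from a rolling window rather than a fixed cutoff and feed the findings to whoever can revoke the grant.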

Lessons learned

The Drift incident underscores a simple reality: attackers don’t need to breach your systems directly if they can compromise a trusted vendor.

To reduce the risk:

  • Inventory every connected vendor and AI tool, including the OAuth grant each one holds and the scopes it was given.
  • Map what data each vendor can actually read, object by object and field by field.
  • Control which fields can be shared externally, and revoke grants that are no longer needed.
  • Monitor outbound data in real time, so a sudden bulk read by a normally quiet integration is seen while it is happening.

Without these capabilities, every integration is a potential breach vector.
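
The second and third controls above, mapping and restricting fields per vendor, come down to a policy applied at the point where a record leaves your system. The following is an added example (not code from the original post, and not Riscosity's product) of such a field-level egress check: it drops fields the vendor is not allowed to receive, scrubs credential-shaped strings out of the free-text fields it may receive, and records everything withheld. The policy, object and field names, sample case, and secret patterns are all constructed for illustration.

```python
"""Added example: a field-level egress policy for vendor integrations.

Before a record is handed to a connected app, drop fields the vendor has no
business receiving, redact credential-shaped strings from the free-text fields
it may receive, and emit an audit trail of everything that was withheld.
Policy, field names, sample data and patterns are constructed for this post.
"""
import re

# Illustrative secret patterns (assumed, not exhaustive): the kinds of strings
# that end up pasted into support cases and notes. Tune for your environment.
SECRET_PATTERNS = [
    ("aws_access_key_id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("aws_secret_access_key", re.compile(r"(?i)aws_secret_access_key\s*[=:]\s*\S+")),
    ("password", re.compile(r"(?i)\bpassword\s*[=:]\s*\S+")),
    ("bearer_token", re.compile(r"(?i)\bbearer\s+[A-Za-z0-9._-]{20,}")),
]

# Per-vendor egress policy (constructed): for each object, the fields the
# vendor may receive and which of those are free text to be scrubbed.
# Any (vendor, object) pair not listed is blocked outright.
POLICY = {
    "chat-assistant": {
        "Lead": {"allow": {"Id", "Company", "Status"}, "redact": set()},
        "Case": {"allow": {"Id", "Subject", "Description"},
                 "redact": {"Subject", "Description"}},
    },
}


def redact_secrets(text):
    """Replace every secret-shaped match; return (clean_text, [(pattern, count)])."""
    hits = []
    for name, pattern in SECRET_PATTERNS:
        text, count = pattern.subn(f"[REDACTED:{name}]", text)
        if count:
            hits.append((name, count))
    return text, hits


def enforce(vendor, obj, record, policy=POLICY):
    """Apply the vendor's policy to one record.

    Returns (outbound_record, audit). outbound_record is None when the whole
    object is blocked for this vendor; audit lists every drop, redaction or block.
    """
    rules = policy.get(vendor, {}).get(obj)
    if rules is None:
        return None, [{"action": "block", "object": obj,
                       "reason": f"no egress policy for {vendor} on {obj}"}]
    outbound, audit = {}, []
    for field, value in record.items():
        if field not in rules["allow"]:
            audit.append({"action": "drop", "object": obj, "field": field})
            continue
        if field in rules["redact"] and isinstance(value, str):
            value, hits = redact_secrets(value)
            for name, count in hits:
                audit.append({"action": "redact", "object": obj, "field": field,
                              "pattern": name, "count": count})
        outbound[field] = value
    return outbound, audit


# Constructed sample: a support case where a customer pasted credentials.
# The access key is the AWS documentation example key, not a live credential.
SAMPLE_CASE = {
    "Id": "500000000000001",
    "Subject": "Sync job failing",
    "Description": ("Customer sent aws_access_key_id=AKIAIOSFODNN7EXAMPLE and "
                    "password=hunter2 by mistake; please rotate."),
    "ContactEmail": "ops@customer.example",
    "OwnerId": "005000000000001",
}

if __name__ == "__main__":
    outbound, audit = enforce("chat-assistant", "Case", SAMPLE_CASE)
    print(outbound)
    for entry in audit:
        print(entry)
```

Run against the sample case, the vendor receives only Id, Subject and a Description with both secrets replaced, while ContactEmail and OwnerId never leave. A request for a User record is refused entirely because no policy covers it, which is the safe default: a vendor gets nothing you have not explicitly mapped.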

Where Riscosity fits in

Riscosity functions as an AI Data Firewall: it discovers which vendors your organization is communicating with, identifies exactly what data is being shared, and enforces policies to protect sensitive information.

Applied to the Drift scenario, Riscosity could have redacted or blocked credentials, support case content, and customer records before they left Salesforce. Even if OAuth tokens were compromised, attackers would have found little of value.

The takeaway isn’t to avoid AI integrations, but to govern them. Trusting vendors is not a security strategy.

Only the beginning

The Salesloft Drift incident won’t be the last. As AI adoption accelerates, more vendors will gain direct access to critical business systems and more opportunities will arise for attackers.

For CISOs, the battleground has shifted: it’s no longer only your infrastructure but your data in motion. The question isn’t whether vendors will be targeted; it’s whether your organization will have the visibility and controls to stop those compromises from becoming breaches.

Supply-chain attacks are evolving. Defenses must evolve with them.