How Your AI Chatbot Is Your New Supply Chain Weak Link

The adversary group UNC6395 hijacked Salesloft’s Drift AI chatbot integration, a tool trusted by some of the world’s largest technology firms. By doing so, they stole OAuth tokens and exposed customer data. While the Salesforce integration drew the most attention, any platform connected through Drift was potentially at risk. The breach exposed contact details, customer support case text, and, in some cases, credentials.

The attacker didn’t need to break into core systems. They exploited trust in a widely used AI-powered sales and customer service tool, pivoted through stolen credentials, and exfiltrated sensitive information. It’s a textbook example of how supply chain compromises in the age of AI can move faster and hit harder than traditional exploits.

‍What the Salesloft Drift compromise tells us about AI supply chain attacks and AI attack surface

Companies are racing to deploy AI chatbots and agents at the front door of their business. Connected directly to CRMs, calendars, and sensitive customer data, these tools are built to accelerate sales by qualifying leads and booking meetings and to speed up support by tapping case histories.

But when those integrations are hijacked, a productivity booster becomes an attack vector.  What was designed to accelerate sales ends up accelerating compromise.

The pattern is clear:

• AI chatbots are new attack surfaces. What starts as a sales or support tool often has deep hooks into Salesforce, Google Workspace, or Slack.
• Compromises cascade. Token abuse or agent manipulation can spread from a “non-critical” integration into enterprise-wide access.

It is important for organizations to protect themselves from supply chain attacks that originate from AI-powered chatbots. With a proliferation of new AI tools and agents, older threats manifest in new ways. Additionally AI applications introduce new vulnerabilities and need AI native defense.

Why AI-native apps and AI chatbots and agents need AI-native defense

Securing AI-powered tools requires security that speaks their language. Traditional defenses weren’t designed for applications that reason, act, and connect across sensitive systems.

Two steps stand out for enterprises building with AI today:

• Continuously red team AI apps and agents the way attackers do. Don’t wait for an adversary to discover weaknesses in your integrations, prompts, or identity flows. Test them first, and test them often.
  
  
• Enforce runtime guardrails for AI chatbots and agents. Threats don’t stop after deployment. Guardrails that monitor every prompt, token exchange, and agent action are essential to block abuse in real time.

This isn’t about layering old models of security onto new systems. It’s about adopting AI-native defense that can evolve alongside the rise of AI-native applications.

The takeaway on securing AI chatbots

The Drift compromise won’t be the last. As AI becomes embedded into every workflow, organizations can’t afford to treat AI chatbot security as an afterthought. What’s needed is AI-native defense, built to reason across the same context your AI does.

Learn more about how Straiker protects AI-native apps.