Salesloft-Drift AI Chatbot Breach Exposes Data of 700+ Companies, Including Cybersecurity Giants
A breach at Salesloft's AI chatbot provider Drift cascaded through the supply chain, exposing data from over 700 organizations including Palo Alto Networks, Cloudflare, and Zscaler.

A breach at Salesloft's AI chatbot provider Drift has triggered a devastating supply chain attack, exposing sensitive data from over 700 organizations globally. The incident, detailed by Trend Micro Research, compromised not only Salesloft and Drift but also a roster of cybersecurity industry leaders including Palo Alto Networks, Cloudflare, Zscaler, Tenable, and Proofpoint. The attack exploited the deep integrations that AI applications require, turning a single point of weakness into a cascading compromise across the business ecosystem.
The attack, attributed to the threat actor UNC6395, unfolded over several months beginning in March 2025. The initial entry point was the compromise of one of Salesloft's internal GitHub repositories. The attackers stayed quiet for months, downloading code and conducting reconnaissance until they located an OAuth token that had been committed to the repository. That token was effectively a master key: it carried Salesloft's privileged access to its own account in the Drift cloud application, so whoever held it could act as Salesloft toward Drift.
Using the stolen token, the attackers authenticated to Salesloft's high-privilege Drift account in August 2025. From that trusted position they used the integrations Drift maintained with its customers' applications. Between August 8 and August 18 they systematically exfiltrated data from the connected Salesforce instances of numerous customers, taking customer conversation data and contact information. Because each request arrived through a legitimate integration carrying a valid vendor-issued token, it passed authentication at every customer it touched.
The breach shows how AI integrations widen the attack surface in ways that per-application security models do not account for. An AI application needs broader access than a conventional SaaS tool: to produce useful answers it must read from several interconnected data sources, and it holds a credential for each of them. A compromised AI integration therefore exposes far more than a traditional point solution would. The attackers demonstrated this by also harvesting authentication tokens for other services connected to Drift, including OpenAI API credentials.
Amid the widespread damage, one company stood out: Okta. Okta was a Drift customer and was targeted, but its data was not accessed. Okta had restricted the integration with IP allow-listing, so its token was accepted only from pre-approved, trusted IP addresses. When the attackers presented the token from their own infrastructure, the connection was rejected outright and the stolen token was useless to them. The control worked because it was enforced on Okta's side, independently of anything the compromised vendor did or failed to do.
The incident also exposed a gap in how companies manage integrations they no longer use. SpyCloud, a former Salesloft customer, was also affected, which indicates its access token was never revoked after the contract ended: a forgotten integration token is just as usable as a live one. The consequences of the breach are severe, extending from costly forensic investigations to a significant erosion of customer trust.
For organizations, the key lesson is that AI vendors are now part of the attack surface. Every AI-powered integration is a potential entry point that traditional security models were not designed to address. Defense in depth is the practical answer: restrict where each integration token can be used (IP allow-listing), keep long-lived tokens out of source control, revoke tokens as soon as an integration or contract is retired, and continuously monitor for token use from unexpected locations. These measures are essential in an era where AI applications require deep integration with core business systems.
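The following is an added example, not code from Salesloft, Drift, Okta or Trend Micro, that models the three controls discussed above on the side of the party that accepts an integration token: per-token IP allow-listing (the control that protected Okta), revocation when a customer is offboarded (the control SpyCloud's case shows was missing), and an audit log that a SOC can query for a token being replayed from a non-allowed address. Every customer name, token string, IP address and network range in it is constructed for illustration; the TEST-NET ranges stand in for a customer's real egress range and for attacker infrastructure.

```python
"""
Added example: a minimal OAuth/integration token gate with IP allow-listing,
offboarding revocation and rejected-use monitoring. Not the code of any
vendor named in the article; all names, tokens and addresses are constructed.
"""
import hashlib
import ipaddress
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass
class IntegrationToken:
    token_hash: str            # only a hash is stored, never the bearer token itself
    customer: str
    allowed_networks: list     # ip_network objects; empty list means "any source IP"
    expires_at: datetime
    revoked: bool = False


class TokenGate:
    """Authorizes integration requests; every decision is appended to audit_log."""

    def __init__(self):
        self._tokens = {}
        self.audit_log = []

    @staticmethod
    def _hash(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, token, customer, allowed_cidrs, ttl_days=30, now=None):
        now = now or datetime.now(timezone.utc)
        rec = IntegrationToken(
            token_hash=self._hash(token),
            customer=customer,
            allowed_networks=[ipaddress.ip_network(c) for c in allowed_cidrs],
            expires_at=now + timedelta(days=ttl_days),
        )
        self._tokens[rec.token_hash] = rec
        return rec

    def offboard(self, customer):
        """Revoke every token belonging to a customer whose contract has ended."""
        for rec in self._tokens.values():
            if rec.customer == customer:
                rec.revoked = True

    def authorize(self, token, source_ip, now=None):
        """Return (allowed, reason). Checks are ordered so a revoked or expired
        token is refused even from an allow-listed address."""
        now = now or datetime.now(timezone.utc)
        rec = self._tokens.get(self._hash(token))
        ip = ipaddress.ip_address(source_ip)
        if rec is None:
            reason = "unknown_token"
        elif rec.revoked:
            reason = "revoked"
        elif now >= rec.expires_at:
            reason = "expired"
        elif rec.allowed_networks and not any(ip in net for net in rec.allowed_networks):
            reason = "ip_not_allowed"
        else:
            reason = "ok"
        self.audit_log.append({
            "ts": now.isoformat(),
            "customer": rec.customer if rec else None,
            "ip": source_ip,
            "result": reason,
        })
        return reason == "ok", reason


def suspicious_token_uses(audit_log, threshold=3):
    """Customers whose valid token was presented from a non-allowed IP at least
    `threshold` times: a stolen token being replayed, which a SOC should alert on."""
    counts = {}
    for entry in audit_log:
        if entry["result"] == "ip_not_allowed":
            counts[entry["customer"]] = counts.get(entry["customer"], 0) + 1
    return sorted(c for c, n in counts.items() if n >= threshold)


def demo():
    """Constructed scenario mirroring the article: one customer pins its token to
    its egress range, one former customer is offboarded, one token is stolen."""
    gate = TokenGate()
    t0 = datetime(2025, 8, 8, tzinfo=timezone.utc)
    gate.issue("tok-pinned-customer", "pinned-customer", ["203.0.113.0/24"], now=t0)  # TEST-NET-3 as egress
    gate.issue("tok-former-customer", "former-customer", [], ttl_days=365, now=t0)
    gate.offboard("former-customer")  # contract ended: token revoked, not left live

    results = {}
    results["legit"] = gate.authorize("tok-pinned-customer", "203.0.113.7", now=t0)
    for _ in range(3):  # same token replayed from attacker infrastructure (TEST-NET-2)
        results["stolen"] = gate.authorize("tok-pinned-customer", "198.51.100.9", now=t0)
    results["former"] = gate.authorize("tok-former-customer", "198.51.100.9", now=t0)
    results["alerts"] = suspicious_token_uses(gate.audit_log)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The ordering of the checks matters: revocation and expiry are tested before the allow-list, so offboarding a customer takes effect even for requests that come from an address the customer once approved. The audit entries record the outcome and source address rather than the token, so the log itself never becomes another place where a bearer credential is stored.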