How attackers hit 700 organizations through CX platforms your SOC already approved

Hello there, let’s dive into the world of CX platforms processing billions of unstructured interactions every year. Picture this: survey forms, review sites, social feeds, call center transcripts, all feeding into AI engines triggering automated workflows that touch various systems like payroll, CRM, and payment systems. The scary part? No security tool in a leader’s stack is keeping an eye on what the AI engine of a CX platform is consuming, and cyber attackers have taken advantage of this vulnerability. They manipulate the data being fed into the AI, letting the AI do the dirty work for them.

In August 2025, the Salesloft/Drift breach exposed this exact danger. Attackers managed to compromise Salesloft’s GitHub environment, steal Drift chatbot OAuth tokens, and gain access to Salesforce environments across over 700 organizations, including big names like Cloudflare, Palo Alto Networks, and Zscaler. They then scoured the stolen data for valuable information like AWS keys, Snowflake tokens, and plaintext passwords, all without deploying any malware.

This gap in security is more significant than most leaders realize. While 98% of organizations have a data loss prevention (DLP) program, only a mere 6% have dedicated resources for it, a concerning stat from Proofpoint’s 2025 Voice of the CISO report. Additionally, 81% of interactive intrusions now leverage legitimate access rather than malware, as highlighted in CrowdStrike’s 2025 Threat Hunting Report, with cloud intrusions skyrocketing by 136% in the first half of 2025.

Assaf Keren, the chief security officer at Qualtrics, emphasized the critical importance of not underestimating the risks associated with experience management platforms. These platforms now have connections to vital systems like HRIS, CRM, and compensation engines, with Qualtrics alone processing a whopping 3.5 billion interactions annually. Organizations can’t afford to overlook input integrity once AI becomes part of the workflow.

VentureBeat engaged in several interviews with security leaders striving to bridge this security gap, uncovering six common control failures in every discussion.

Six blind spots between the security stack and the AI engine

1. DLP cannot see unstructured sentiment data leaving through standard API calls

Most DLP systems are designed to detect structured personally identifiable information (PII) like names, emails, and payment data. However, open-text responses in CX interactions often contain sensitive information like salary complaints, health disclosures, and executive critiques, which don’t match standard PII patterns, making them invisible to traditional DLP scans.

2. Zombie API tokens from finished campaigns are still live

Even after a CX campaign ends, OAuth tokens connecting the platform to essential systems like HRIS, CRM, and payment systems may remain active, creating potential lateral movement paths for attackers.

3. Public input channels have no bot mitigation before data reaches the AI engine

While web app firewalls can inspect HTTP payloads for web applications, they often do not cover public data sources like Trustpilot reviews or Google Maps ratings that feed into CX platforms, leaving these channels vulnerable to fraudulent activities.

4. Lateral movement from a compromised CX platform runs through approved API calls

Attackers often exploit legitimate access to compromised platforms, making it challenging for security teams to detect abnormal behaviors through standard authentication processes.

5. Non-technical users hold admin privileges nobody reviews

In many organizations, non-technical teams configure CX integrations without security oversight, potentially granting unauthorized access to critical systems.

6. Open-text feedback hits the database before PII gets masked

Free-text responses in CX interactions may contain sensitive information that bypasses structured PII classifiers, exposing personal data and creating additional risks in case of a breach.

Nobody owns this gap

These control failures underscore the lack of comprehensive security measures for CX platforms compared to other enterprise systems. As a result, security teams are now exploring new approaches to enhance CX-layer security, such as integrating posture management directly into the CX layer for continuous monitoring and automated protection.

Security leaders emphasize the importance of understanding not just the technical but also the business impact of AI-driven decisions based on potentially compromised data. It’s crucial to address these security gaps proactively to prevent wrong business decisions executed at machine speed.

So, let’s start by running an audit and addressing those zombie tokens before a potential breach spirals out of control. Remember, the AI won’t wait.

Leave a Reply

Your email address will not be published. Required fields are marked *