Shadow AI Risk: How SaaS Apps Are Quietly Enabling Massive Breaches
Briefly

"If an AI-enabled app is breached, any integral agentic AI can be used first to access data from connected systems, secondly to cascade from the one breach to a breach of every other AI-enabled environment within the organization - and potentially to expand further into AI-enabled environments in other organizations."
"UNC6395 attackers compromised Salesloft's internal systems, starting with their GitHub repositories and moving from there into the Drift AWS environment. Here they stole the active OAuth and refresh tokens used by customers to connect the Drift Chatbot to local installations of Salesforce and other apps such as Slack."
"Armed with the legitimate pre-approved OAuth token, the attackers were able to impersonate Drift and log directly into Salesforce installations at companies also using the Drift chatbot. One breach of a SaaS app (Drift) cascaded into hundreds of compromises in different companies across the globe."
A Grip Security report analyzing 23,000 SaaS environments reveals critical security vulnerabilities in AI-enabled applications. All companies studied operate SaaS environments with embedded AI, averaging 140 AI-enabled applications per organization. Public SaaS attacks increased 490% year-over-year, with 80% of incidents involving PII or customer data. The Salesloft Drift breach exemplifies cascading risks: attackers compromised Drift's systems, stole OAuth tokens, and impersonated the service to access Salesforce installations across 700+ organizations including major security firms. This demonstrates how a single SaaS breach can propagate through interconnected AI environments, creating widespread organizational compromise.
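The Drift case turns on a token that was valid and pre-approved, so the tenant saw what looked like its own integration logging in. One defensive check that follows from that, written here as an added example that is not code from SecurityWeek, Grip Security, Salesloft or Salesforce: compare each connected app's sessions against a per-integration baseline (the vendor's documented egress ranges, its connector's user-agent, normal API volume) and flag sessions that reuse the app's token from anywhere else. The event fields, the app names ("drift-integration", "slack-sync"), the baseline values and the log lines are all constructed for illustration and use RFC 5737 documentation addresses.

```python
"""Flag connected-app OAuth sessions that fall outside an integration's baseline.

Added example (not from the article or any vendor). Field names, app names,
baselines and sample events are assumptions constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass


@dataclass
class ConnectedAppEvent:
    timestamp: str
    app: str          # connected app / OAuth client the token belongs to
    source_ip: str    # where the token was presented from
    user_agent: str   # client the session identified itself as
    api_calls: int    # API requests made in this session


# Constructed sample log: normal integration traffic, plus two sessions that
# reuse the chatbot integration's token from unfamiliar infrastructure with a
# generic HTTP client and bulk query volume.
SAMPLE_EVENTS = [
    ConnectedAppEvent("2025-08-08T09:00:00Z", "drift-integration", "203.0.113.10", "Drift-Connector/2.1", 40),
    ConnectedAppEvent("2025-08-08T10:00:00Z", "drift-integration", "203.0.113.11", "Drift-Connector/2.1", 55),
    ConnectedAppEvent("2025-08-08T11:30:00Z", "drift-integration", "198.51.100.7", "python-requests/2.31", 1200),
    ConnectedAppEvent("2025-08-08T11:45:00Z", "drift-integration", "198.51.100.7", "python-requests/2.31", 900),
    ConnectedAppEvent("2025-08-08T12:00:00Z", "slack-sync", "203.0.113.20", "SlackSync/1.0", 20),
]

# Assumed per-integration baseline: the egress ranges the vendor documents and
# the user-agent prefix its connector normally presents.
BASELINES = {
    "drift-integration": {"cidrs": ["203.0.113.0/24"], "ua_prefix": "Drift-Connector/"},
    "slack-sync": {"cidrs": ["203.0.113.0/24"], "ua_prefix": "SlackSync/"},
}


def _ip_in_ranges(ip, cidrs):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)


def find_token_misuse(events, baselines, volume_threshold=500):
    """Return (timestamp, app, source_ip, reasons) for every session where a
    connected app's token is used outside its baseline: unknown source network,
    unexpected client, or bulk API volume. A missing baseline is itself a finding,
    since an integration nobody inventoried cannot be monitored."""
    findings = []
    for ev in events:
        reasons = []
        base = baselines.get(ev.app)
        if base is None:
            reasons.append("no baseline recorded for this connected app")
        else:
            if not _ip_in_ranges(ev.source_ip, base["cidrs"]):
                reasons.append("source outside vendor egress range")
            if not ev.user_agent.startswith(base["ua_prefix"]):
                reasons.append("unexpected client user-agent")
        if ev.api_calls >= volume_threshold:
            reasons.append("bulk API volume")
        if reasons:
            findings.append((ev.timestamp, ev.app, ev.source_ip, reasons))
    return findings


def apps_to_revoke(findings):
    """Connected apps whose tokens should be revoked and re-issued: once a
    token has been presented from outside the vendor's infrastructure, the
    only safe assumption is that it has been copied."""
    return sorted({app for _, app, _, _ in findings})


if __name__ == "__main__":
    hits = find_token_misuse(SAMPLE_EVENTS, BASELINES)
    for hit in hits:
        print(hit)
    print("revoke and re-authorize:", apps_to_revoke(hits))
```

The baseline is the part that needs real data: vendor egress ranges and connector user-agents come from the vendor's documentation or from the tenant's own history for that app, and the volume threshold should be set per integration from observed traffic rather than the fixed default used here.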
Read at SecurityWeek