CX platforms are responsible for handling billions of unstructured interactions each year. These interactions come from various sources such as survey forms, review sites, social media feeds, call center transcripts, and more. They are processed by AI engines that trigger automated workflows which interact with payroll systems, CRM platforms, and payment systems. Unfortunately, many security operation center leaders fail to recognize the risks associated with these AI engines and the data they consume, leaving them vulnerable to attacks.
One significant breach that highlighted this issue occurred in August 2025 involving Salesloft and Drift. Attackers were able to compromise Salesloft’s GitHub environment, steal Drift chatbot OAuth tokens, and access Salesforce environments across over 700 organizations, including major companies like Cloudflare, Palo Alto Networks, and Zscaler. They scanned the stolen data for valuable information like AWS keys, Snowflake tokens, and plaintext passwords without deploying any malware.
Despite the prevalence of data loss prevention (DLP) programs, only a small percentage of organizations allocate dedicated resources to address these issues. This lack of focus on input integrity can lead to severe consequences as attackers increasingly exploit legitimate access rather than relying on malware to carry out intrusions.
Experience management platforms like Qualtrics process billions of interactions annually, connecting with various systems such as HRIS, CRM, and compensation engines. The rise of AI in workflows has made it crucial for organizations to prioritize input integrity to prevent data breaches and unauthorized access.
Security leaders are actively working to bridge the gap between the security stack and AI engines within CX platforms. Six key control failures have been identified in this process, including issues related to unstructured data leaving the system, live API tokens from past campaigns, lack of bot mitigation for public input channels, and more.
To address these blind spots, security teams are exploring new solutions such as extending security posture management tools, implementing API security gateways, and applying CASB-style access controls to CX admin accounts. The goal is to ensure continuous monitoring of data access, real-time visibility into misconfigurations, and automated protection to enforce policy compliance.
By integrating posture management directly into the CX layer, security teams can gain better control over program activity, configurations, and data access. This approach offers a more comprehensive security solution tailored to the unique challenges posed by CX platforms.
Ultimately, it is essential for organizations to consider both the technical and business implications of security breaches within CX platforms. Ensuring the accuracy and integrity of data used for business decisions is critical to preventing costly mistakes and safeguarding sensitive information. Conducting regular audits and addressing issues like zombie tokens can help mitigate the risk of breaches and protect against potential threats.