How attackers hit 700 organizations through CX platforms your SOC already approved
Essential brief
CX platforms process billions of unstructured interactions a year: Survey forms, review sites, social feeds, call center transcripts, all flowing into A
Key facts
Highlights
Why it matters
CX platforms process billions of unstructured interactions a year: Survey forms, review sites, social feeds, call center transcripts, all flowing into AI engines that trigger automated workflows touching payroll, CRM, and payment systems. No tool in a security operation center leader’s stack inspects wha
CX platforms process billions of unstructured interactions a year: Survey forms, review sites, social feeds, call center transcripts, all flowing into AI engines that trigger automated workflows touching payroll, CRM, and payment systems.
No tool in a security operation center leader’s stack inspects what a CX platform’s AI engine is ingesting, and attackers figured this out.
They poison the data feeding it, and the AI does the damage for them.
The Salesloft/Drift breach in August 2025 proved exactly this.
Attackers compromised Salesloft’s GitHub environment , stole Drift chatbot OAuth tokens, and accessed Salesforce environments across 700+ organizations, including Cloudflare, Palo Alto Networks, and Zscaler.
It then scanned stolen data for AWS keys, Snowflake tokens, and plaintext passwords.
And no malware was deployed.
That gap is wider than most security leaders realize: 98% of organizations have a data loss prevention (DLP) program, but only 6% have dedicated resources , according to Proofpoint’s 2025 Voice of the CISO report, which surveyed 1,600 CISOs across 16 countries.
And 81% of interactive intrusions now use legitimate access rather than malware, per CrowdStrike’s 2025 Threat Hunting Report.
Cloud intrusions surged 136% in the first half of 2025. “Most security teams still classify experience management platforms as ‘survey tools,’ which sit in the same risk tier as a project management app,” Assaf Keren, chief security officer at Qualtrics and former CISO at PayPal, told VentureBeat in a recent interview. “This is a massive miscategorization.
These platforms now connect to HRIS, CRM, and compensation engines.” Qualtrics alone processes 3.5 billion interactions annually , a figure the company says has doubled since 2023.
Organizations can't afford to skip steps on input integrity once AI enters the workflow.
VentureBeat spent several weeks interviewing security leaders working to close this gap.
Six control failures surfaced in every conversation.
Six blind spots between the security stack and the AI engine 1.
DLP cannot see unstructured sentiment data leaving through standard API calls Most DLP policies classify structured personally identifiable information (PII): names, emails, and payment data.
Open-text CX responses contain salary complaints, health disclosures, and executive criticism.
None matches standard PII patterns.