Executive Summary
- The Salesloft Drift breach (August 8–18, 2025) exposed customer data across 700+ downstream organizations, including Cloudflare, Palo Alto Networks, Zscaler, Tenable, Proofpoint, and Google’s own Salesforce instance. Attackers stole OAuth tokens from a single AI chat vendor and pivoted into every integrated Salesforce, Slack, and Google Workspace tenant. Some victims found AWS keys, Snowflake tokens, and VPN credentials in the stolen data — pasted into support cases by their own staff (Krebs on Security, September 1, 2025; Google Threat Intelligence Group, August 26, 2025).
- When the AI vendor is the breach origin, you are still the one who owes your customers a notification. The vendor’s disclosure is not your discovery — but a reasonable person standard means the clock is closer to starting than most GCs realize.
- California SB-446 (signed 2025) now requires notification to affected residents within 30 calendar days and to the AG within 15 calendar days of consumer notification for breaches over 500 CA residents. GDPR remains 72 hours to the supervisory authority. SEC Item 1.05 still requires an 8-K within 4 business days of materiality determination for public companies — and a vendor breach can be material.
- The three documents that determine your exposure — vendor DPA, cyber policy, and the vendor’s trust-portal disclosures — are rarely sitting together. The first hour is about pulling them into one room, not about investigating the technical breach (which is the vendor’s job and, frankly, largely out of your hands).
- Cyber insurers sued their own policyholders’ vendors 14 times through Q3 2025 to recover losses. Waiver of subrogation and additional-insured status in vendor contracts determines whether YOUR insurer becomes your adversary. Check before you file the claim, not after.
What Makes This Different From Your Own AI Incident
A first-party incident — your AI tool did something wrong — puts you in the actor’s chair. Moffatt v. Air Canada governs, disclaimers fail, and the legal question is whether you exercised reasonable oversight. That workflow is covered separately.
A third-party AI vendor breach puts you in a different chair entirely:
- You are the victim, which unlocks contract remedies (indemnity, SLA credits, termination for cause) but does not excuse your downstream notification duties.
- The vendor owns the forensics. You cannot image their AWS environment or read their OAuth logs. You are dependent on what they choose to tell you and when.
- The clock is not the vendor’s clock. GDPR, CCPA, HIPAA, NYDFS, and SEC timelines run from YOUR discovery, not the vendor’s. “Discovery” is a reasonable-person standard — reading a vendor trust-portal advisory can start it.
- Your insurer may have subrogation rights against the vendor — but only if you have not inadvertently waived them, and only if the policy was written to contemplate AI vendor failure.
Salesloft Drift is the reference case because the pattern is now common: one AI vendor, OAuth-integrated into hundreds of platforms, compromised once, ripples everywhere.
The First 72 Hours: What the GC and CFO Do, In Order
Hour 0–1: Pull three documents into one room
Before anyone touches a keyboard:
- The vendor Data Processing Addendum (DPA) or Master Services Agreement. Find the breach-notification clause, the indemnity cap, the security-incident definition, and the termination-for-cause language. If the DPA says “notify without undue delay” with no hour count, flag it — that language loses in court against a 72-hour statutory clock.
- Your cyber insurance policy and any AI-specific E&O rider. Check two things: whether AI vendor failure is covered or excluded (the Harvard Law School Forum on Corporate Governance found AI exclusions proliferated through 2025), and whether the policy requires notification before investigation (most do).
- The vendor’s trust-portal page, advisory emails, and any status updates. Screenshot them. These will be the admissible record of what was disclosed and when.
If the DPA and policy are not in the same folder in 60 minutes, that is your first finding — and it is a governance problem, not a breach problem.
Hour 1–4: Classify the exposure, not the breach
The vendor will tell you what they know about the breach. You need to tell yourself what they know about YOUR tenant. Three questions:
- What data did the vendor process on your behalf? Not “what does their marketing page say” — pull the actual integration scope: which Salesforce objects, which Slack channels, which email fields.
- Is any of it regulated? PHI, PII of California residents, EU personal data, financial account data, children’s data, trade-secret-marked content. Each triggers a different clock.
- Did your staff embed credentials in support cases or chat logs with the vendor? This is the Salesloft Drift lesson. The vendor’s breach became a credential-harvesting event because customers had pasted AWS keys and Snowflake tokens into support tickets.
Hour 4–24: Notify your insurer. Do not investigate first.
Most cyber policies require notification of a “security incident” — and a vendor breach qualifies — before the policyholder conducts independent investigation, engages outside counsel, or issues public statements. Breaching the notification condition can void coverage entirely.
The email is short: “We received notification from [vendor] on [date] of a security incident potentially affecting our tenant. We are opening a claim under [policy number] and requesting panel counsel assignment.” That is enough to preserve the policy. Investigation follows after.
Hour 24–72: Run the statutory clocks in parallel
| Regime | Trigger | Deadline | Who |
|---|---|---|---|
| GDPR Art. 33 | Controller awareness | 72 hours to supervisory authority | GC / DPO |
| California SB-446 (2025) | Discovery | 30 days to residents; 15 days to AG after resident notice (>500 CA residents) | GC |
| HIPAA §164.410 | BA notice to covered entity | 60 days to individuals | GC / Privacy Officer |
| NYDFS 23 NYCRR 500.17(a) | Determination of cybersecurity event | 72 hours | CISO / GC |
| SEC Reg S-K Item 1.05 | Materiality determination | 4 business days via 8-K | GC / CFO |
| FINRA / SEC / FBI / CISA | Firm-discretion reporting | ASAP | CISO / GC |
The SEC Item 1.05 trigger is the one most public-company GCs miss on vendor breaches. Materiality is not “was the breach big” — it is “would a reasonable investor care.” A vendor breach that exposes customer contact data for a company whose moat is its customer relationships is probably material.
Hour 48–72: Preserve your contract rights
Your vendor wants you to keep using the product. Your insurer wants you to preserve subrogation. Both positions are legitimate. The GC’s job is to:
- Send a written reservation-of-rights letter to the vendor. Do not terminate and do not waive.
- Request the vendor’s SOC 2 Type II with the incident window included, their root cause analysis, and their notification log showing when each downstream customer was told.
- Confirm in writing which SLA credits, indemnities, and liability caps apply. Most AI vendor MSAs cap indemnity at 12 months of fees — which is often immaterial versus your breach-notification costs.
- Ask your insurer, in writing, whether subrogation is being pursued. If yes, you may need to preserve evidence the vendor would otherwise destroy in their normal retention cycle.
The Credential-in-Support-Cases Problem
The Salesloft Drift breach was not primarily a customer-data breach. It was a credential-harvesting operation that worked because downstream customers had pasted secrets into vendor support conversations. Google’s Threat Intelligence Group specifically flagged AWS keys, Snowflake tokens, Azure credentials, and OpenAI API keys as exposed because customers had sent them to Salesloft Drift as troubleshooting context.
If any of the following applies to your organization, treat the vendor breach as a credential event until proven otherwise:
- Staff have permission to open support tickets that include screenshots or logs
- Your AI vendor integration has write access or broad read scopes via OAuth
- You have ever copy-pasted an error trace that contained a header, token, or connection string into any vendor chat
The remediation is credential rotation across every system the vendor could have seen in text, not just the system the vendor was integrated with. That is a larger scope than most incident response plans contemplate.
Key Data Points
| Fact | Detail | Date | Source |
|---|---|---|---|
| Salesloft Drift breach scope | 700+ organizations directly, 5,000+ potentially | Aug 8–18, 2025 | Google TIG; Krebs on Security |
| Named downstream victims | Cloudflare, Palo Alto Networks, Zscaler, Tenable, Proofpoint, Google’s Salesforce instance | Aug–Sep 2025 | The Hacker News |
| Gap: vendor first disclosure to full advisory | Aug 20 (“security issue”) → Aug 26 (token theft confirmed) | 2025 | Krebs on Security |
| California consumer notification window | 30 days from discovery | SB-446, effective 2026 | Data Protection Report (Nov 2025) |
| California AG notification | 15 days after consumer notice (>500 residents) | SB-446 | Hunton Privacy Law Blog |
| GDPR supervisory authority | 72 hours from controller awareness | Art. 33 GDPR | EDPB guidance |
| SEC public-company reporting | 4 business days from materiality | Reg S-K Item 1.05 | SEC final rule (2023, enforced through 2025) |
| Cyber subrogation trend | Ace filed $500K claim Sep 2025 naming vendors as co-defendants | Sept 2025 | Hunton Insurance Recovery Blog |
| Credential-embed finding | AWS keys, Snowflake tokens, Azure creds, OpenAI keys exposed via support-case text | Aug 2025 | Google Threat Intelligence Group |
All sources published Q3 2025 or later — TIER 1 freshness, cited directly without caveat.
What This Means for Your Organization
Every mid-market company is a downstream customer of at least a dozen AI-enabled SaaS vendors. Salesforce, HubSpot, Microsoft, Google, ServiceNow, and every industry-specific tool in your stack has some generative-AI component bolted on since 2024, and each of those components integrates via OAuth into the systems that hold your customer data. The Salesloft Drift pattern — one vendor, one compromise, hundreds of downstream victims — is the template for the next five years. You will get one of these notification emails. Maybe already have.
The work that makes the first 72 hours manageable is work done before the email arrives. It is a one-page register listing every AI vendor, the DPA breach-notification clause, the indemnity cap, the cyber policy coverage question (“is this vendor covered?”), and the named additional-insured status. Building that register takes 10–15 hours of a GC’s time. Not building it means your first 72 hours after a breach notification will be spent gathering the same information with the statutory clocks already running.
If reading this raised questions specific to the AI vendors in your stack or the gaps in your current DPA template, I’d welcome the conversation — brandon@brandonsneider.com.
Sources
- Krebs on Security, “The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft,” September 1, 2025. https://krebsonsecurity.com/2025/09/the-ongoing-fallout-from-a-breach-at-ai-chatbot-maker-salesloft/ — HIGH credibility, independent security journalism with primary-source reporting.
- FINRA, “Cybersecurity Alert — Salesloft Drift AI Supply Chain Attack,” August–September 2025. https://www.finra.org/rules-guidance/guidance/salesloft-drift-AI-supply-chain-attack — HIGH credibility, self-regulatory organization guidance.
- Google Cloud Threat Intelligence Group / Mandiant, “Widespread Data Theft Targets Salesforce Instances via Salesloft Drift,” August 26, 2025. https://cloud.google.com/blog/topics/threat-intelligence/data-theft-salesforce-instances-via-salesloft-drift — HIGH credibility, primary forensic investigator.
- The Hacker News, “Salesloft Takes Drift Offline After OAuth Token Theft Hits Hundreds of Organizations,” September 3, 2025. https://thehackernews.com/2025/09/salesloft-takes-drift-offline-after.html — MEDIUM credibility, specialist cybersecurity outlet; corroborates primary sources.
- Norton Rose Fulbright Data Protection Report, “California tightens data breach notification timelines,” November 2025. https://www.dataprotectionreport.com/2025/11/california-tightens-data-breach-notification-timelines-imposes-30-day-notice-requirement/ — HIGH credibility, law firm client memo on statutory text of SB-446.
- Hunton Andrews Kurth, “The Hidden Risk Factor: Vendor Contracts in the Cyber Insurance Era,” 2025. https://www.hunton.com/hunton-insurance-recovery-blog/the-hidden-risk-factor-vendor-contracts-in-the-cyber-insurance-era — HIGH credibility, specialized insurance recovery practice.
- Hunton Andrews Kurth, “Cyber Insurer Sues Policyholder’s Cyber Pros,” 2025. https://www.hunton.com/privacy-and-information-security-law/cyber-insurer-sues-policyholders-cyber-pros — HIGH credibility, primary-source case reporting.
- Amwins, “Navigating Cyber Insurance for Vendor Agreements,” 2025. https://www.amwins.com/resources-and-insights/market-insights/article/navigating-cyber-insurance-for-vendor-agreements — MEDIUM credibility, insurance broker market-insight memo.
- IAPP, “US State Data Breach Notification Chart,” continuously updated. https://iapp.org/resources/article/state-data-breach-notification-chart — HIGH credibility, professional association reference resource.
Brandon Sneider | brandon@brandonsneider.com April 2026