From OAuth Tokens to API Keys: The Toxic Data Behind the Salesloft Drift / Salesforce Breach

Heather Howland

A Supply Chain Attack Rooted in Token Theft

This isn’t a traditional Salesforce breach. The incident currently shaking the security industry didn’t begin with a Salesforce bug or a zero-day exploit. It began in Salesloft Drift, a third-party AI chatbot that integrated directly with Salesforce. Attackers stole OAuth tokens issued to Drift, and with them they gained access to Salesforce customer instances. From there, they exfiltrated some of the most dangerous assets in any enterprise: credentials.

The fallout spread quickly. Salesforce customers included some of the biggest names in security—Palo Alto Networks, Zscaler, and Cloudflare—and all were touched by the compromise. As Krebs on Security reported, the attackers didn’t stop at Salesforce. They also went after Salesloft Drift OAuth tokens used to access other major services, from AWS and Snowflake to Slack, Azure, Google Workspace, and OpenAI. Google even confirmed that a small number of Workspace accounts were accessed through the Drift integration and warned enterprises to assume any Drift-related tokens were compromised.

Secrets as Toxic Data

This campaign reveals an uncomfortable truth: credentials are not harmless plumbing. They are toxic data.

Like toxic waste, secrets persist long after their intended use. They spread invisibly through support tickets, cloud logs, Slack chats, SaaS connectors, and automation pipelines. They accumulate in forgotten corners of infrastructure, creating stockpiles of permanent trust. And when attackers find them, they weaponize them to devastating effect.

Salesloft itself admitted as much in its disclosure: the attackers’ primary goal was to steal credentials, not sales leads. AWS access keys, Snowflake tokens, and passwords weren’t collateral damage; they were the prize. Once stolen, they become accelerants, giving attackers the ability to move laterally and escalate privileges across entire ecosystems.

Hackers Don’t Break In, They Log In

The goal of this attack was simple: gain as much access as possible. The attackers didn’t smash through defenses, they logged in using stolen OAuth access tokens, then went hunting for even more credentials. It appears their prize wasn’t customer data in the abstract. It was API keys, passwords, and cloud tokens that unlock even broader systems.

The problem is that secrets rarely stay contained. Long-lived keys and tokens escape their intended environments, showing up in support tickets, logs, chats, and emails, places they were never meant to be. Attackers know this. They deliberately target integrations and SaaS connectors because that’s where the richest stockpiles of credentials live.

The result for customers is painful. They are now forced into sweeping key-rotation campaigns, not because their own systems were breached, but because a supplier lost control of credentials that should never have been sitting there in the first place. The burden falls on the customer: rotating thousands of API keys, retracing what might have been exposed, absorbing the cost of lost productivity, outages, and reputational risk.

And the troubling part? Key rotation is only temporary symptom management. At the next compromise, the same Sisyphus-like exercise begins again — pushing the same boulder back up the hill.

The only real cure is to change the model: stop issuing long-lived credentials. Replace them with short-lived, just-in-time identities that expire before they can be stolen or misused. It is better to eliminate toxic waste than to spend endless cycles managing it.

The Broken Model of Credentials

The industry’s instinct is always to respond with better controls: rotate tokens faster, vault them more securely, monitor them more aggressively. But those measures don’t change the reality that as long as these secrets exist, they represent toxic liabilities.

We are watching a model collapse in real time. Long-lived credentials are not assets; they are systemic weaknesses. Managing them at scale doesn’t reduce risk, it multiplies it. And every new SaaS integration, AI plugin, or automation bot increases the toxic footprint.

What Needs to Change

The way forward isn’t doubling down on management. It’s building a different model of identity and trust. That means credentials that expire automatically before they can be weaponized. It means continuous verification of every connection, rather than a one-time decision to trust forever. And it means extending governance to non-human identities—the bots, plugins, and AI agents that now act inside our systems with the power of insiders but none of the oversight.

A Wake-Up Call

The attackers understood what defenders too often ignore: secrets themselves are the real prize. By stealing OAuth tokens and cloud keys, they gained the ability to move across environments with ease, turning trust into the breach surface.

For security leaders, the lesson is clear. This was not simply another SaaS incident. It was a demonstration that the credential model is broken and that secrets are, in fact, toxic data. The question now is whether enterprises will continue to live with those toxic assets or finally build security architectures that eliminate them.

How SPIRL Could Help Eliminate Toxic Data

The Salesloft Drift / Salesforce incident shows why long-lived credentials are liabilities: once issued, they linger, spread, and create permanent trust that attackers can exploit. The only way to neutralize toxic data is to stop creating it in the first place.

That’s the problem SPIRL was built to solve. Instead of relying on static OAuth client secrets, API keys, or passwords, SPIRL issues short-lived, cryptographically verifiable identities for every non-human actor, whether it’s a SaaS integration, a workload, or an AI agent. These identities expire automatically, so even if intercepted they can’t be reused.

Just as importantly, SPIRL enforces continuous verification and least-privilege access at every interaction. Integrations like Drift wouldn’t inherit broad, durable trust; they would only receive scoped, ephemeral identity for the specific action in context, with visibility and governance layered on top.
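The short-lived, scoped identity model described here, and in the earlier section on replacing long-lived credentials with just-in-time identities, as an added example that is not SPIRL's code: it uses a hypothetical token format (HMAC-signed JSON claims with expiry, audience and scope) chosen for illustration, and re-verifies every request so that a token replayed after its window, presented to a different service, or used outside its scope is rejected.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key. A real issuer would sign with an asymmetric key so
# that verifiers hold only the public half and never a reusable secret.
SIGNING_KEY = b"constructed-demo-signing-key"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def issue(subject, audience, scope, ttl_seconds, now):
    """Mint a short-lived identity token bound to one audience and a scope list."""
    claims = {"sub": subject, "aud": audience, "scope": scope,
              "iat": now, "exp": now + ttl_seconds}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = _b64(hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"


def verify(token, audience, action, now):
    """Continuous verification: each call re-checks signature, expiry, audience, scope."""
    try:
        body, sig = token.split(".")
    except ValueError:
        return False, "malformed"
    expected = _b64(hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):
        return False, "bad signature"
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    if now >= claims["exp"]:
        return False, "expired"          # a stolen token dies with its window
    if claims["aud"] != audience:
        return False, "wrong audience"   # cannot be replayed against another service
    if action not in claims["scope"]:
        return False, "out of scope"     # least privilege per action
    return True, claims["sub"]


def demo():
    t0 = 1_700_000_000  # constructed reference time (epoch seconds)
    tok = issue("drift-integration", "salesforce", ["read:leads"], 300, t0)
    body, sig = tok.split(".")
    tampered = body + "." + ("B" if sig[0] == "A" else "A") + sig[1:]
    return {
        "in_window": verify(tok, "salesforce", "read:leads", t0 + 60)[0],
        "replayed_after_expiry": verify(tok, "salesforce", "read:leads", t0 + 301)[0],
        "other_service": verify(tok, "snowflake", "read:leads", t0 + 60)[0],
        "out_of_scope": verify(tok, "salesforce", "export:all", t0 + 60)[0],
        "tampered": verify(tampered, "salesforce", "read:leads", t0 + 60)[0],
    }
```

A static API key has none of these checks: whoever holds it is trusted until someone notices and rotates it, which is the rotation treadmill the post describes.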

The result: no stockpiles of toxic credentials, and no standing access for attackers to weaponize.

This breach proves the credential model is broken. SPIRL’s model shows it doesn’t have to stay that way.