One AI chatbot vs 700 companies


August 8, 2025. Somewhere, attackers were already inside Salesloft's systems, stealing OAuth tokens. Nobody knew yet.

August 18. Ten days of data theft. Still undetected.

August 20. Salesloft finally disclosed a "security issue" in their Drift AI chatbot. They told customers to re-authenticate. What they didn't say: the tokens were already stolen. The damage was already done.

August 26. Google Threat Intelligence dropped the real story: over 700 companies had their Salesforce data exfiltrated. Palo Alto Networks. Cloudflare. Zscaler. Even the security vendors got hit.

This wasn't a vulnerability in Salesforce. This wasn't even a direct attack on those 700 companies. This was one compromised AI chatbot that had legitimate access to everything.

Here's why AI chatbots are different:

Traditional software does one thing. An accounting system handles finances. A CRM manages customer data. Security controls are straightforward because the application's scope is limited.

AI chatbots need to be everywhere. To function effectively, Drift connected to Salesforce, Slack, Google Workspace, Amazon S3, Microsoft Azure, OpenAI, and hundreds of other services. Each integration required an OAuth token—a key that grants access without repeatedly asking for passwords.

When attackers compromised Salesloft, they didn't just get one system. They got keys to 700+ corporate environments. Every integration became an entry point. Every OAuth token became a weapon.

The attackers knew exactly what they had. Google found them sifting through stolen data looking for AWS keys, VPN credentials, Snowflake access—anything that would let them pivot deeper into victim networks.

One company stood out: Okta. The attackers targeted them with stolen tokens. But Okta's data wasn't breached. Why? They had implemented IP allow-listing. The stolen token only worked from pre-approved IP addresses. When attackers tried using it from their own infrastructure, the connection was instantly blocked.
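The control described above, sketched as an added example (not code from this newsletter, and not Okta's implementation): a per-integration source-IP allow-list that fails closed, run over a few access-log lines. The integration names, networks, and log format are constructed for illustration.

```python
import ipaddress

# Constructed allow-list: integration -> networks allowed to present its token.
ALLOW_LIST = {
    "chatbot-integration": ["198.51.100.0/24", "2001:db8:10::/48"],
    "reporting-sync": ["203.0.113.16/28"],
}

# Constructed access-log lines: timestamp, integration, source IP, operation.
SAMPLE_LOG = """\
2025-01-01T10:00:00Z chatbot-integration 198.51.100.23 query
2025-01-01T10:00:05Z chatbot-integration ::ffff:198.51.100.23 query
2025-01-01T10:01:00Z chatbot-integration 192.0.2.77 bulk_export
2025-01-01T10:02:00Z reporting-sync 203.0.113.40 query
2025-01-01T10:03:00Z unknown-app 198.51.100.23 query
2025-01-01T10:04:00Z chatbot-integration not-an-ip query
"""


def compile_allow_list(raw):
    """Parse CIDR strings once so each request check is a cheap membership test."""
    return {name: [ipaddress.ip_network(c) for c in cidrs]
            for name, cidrs in raw.items()}


def check_source(networks, integration, source_ip):
    """Return (allowed, reason). Fails closed on anything it cannot verify."""
    if integration not in networks:
        return False, "integration has no allow-list"
    try:
        ip = ipaddress.ip_address(source_ip)
    except ValueError:
        return False, "unparsable source address"
    # Dual-stack listeners report IPv4 clients as ::ffff:a.b.c.d; compare as IPv4.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    ok = any(ip.version == n.version and ip in n for n in networks[integration])
    return ok, ("source in allow-list" if ok else "source outside allow-list")


def review_log(log_text, networks):
    """Return (line_no, integration, source_ip, reason) for each denied request."""
    denied = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        _ts, integration, source_ip, _op = line.split()
        allowed, reason = check_source(networks, integration, source_ip)
        if not allowed:
            denied.append((line_no, integration, source_ip, reason))
    return denied
```

Calling `review_log(SAMPLE_LOG, compile_allow_list(ALLOW_LIST))` returns the denied requests; a valid token presented from outside its allow-list is the event worth alerting on.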

This is the AI security problem nobody's talking about:

We're deploying AI systems that require unprecedented access across our entire technology stack. We're giving them OAuth tokens to dozens of services. We're trusting them with data from multiple sources. And we're doing it faster than we're building security controls designed for AI.

Traditional security assumes you can draw a perimeter. AI chatbots don't have perimeters—they integrate with everything by design. Traditional security assumes limited access. AI systems need broad access to be useful. Traditional security frameworks weren't built for this.

Organizations need professionals who understand AI-specific security challenges. Not just general security principles applied to AI, but security designed for how AI systems actually work. How they integrate. How they access data. How they can be exploited.

That's what AAISM (Advanced in AI Security Management) teaches. Released by ISACA in August 2025, it's the first certification specifically designed for AI security management. Our recent students are among the first certified AI security professionals globally—joining an elite group leading this emerging field.

AAISM covers AI governance, risk management specific to AI technologies, and implementing security controls designed for AI systems. It addresses threats like supply chain attacks on AI integrations, OAuth token management in AI platforms, and securing data flows across AI-connected services.

Our next AAISM bootcamp runs February 9-11, 2026.

Three days of intensive training on AI security management fundamentals, AI-specific threats, governance frameworks, and risk mitigation strategies. Taught by experts who understand both AI systems and security architecture.

Stay secure,
The DestCert Team

P.S. To get AAISM certified, you need a CISSP or CISM certification. Need to build that foundation? Our next CISSP bootcamp runs January 12-16 and the next CISM bootcamp runs February 9-12. Both give you the security management fundamentals AAISM builds upon—and you'll learn from the same expert instructors who teach AAISM.

Get certified faster by stacking your certifications strategically.


The easiest and fastest way to pass the CISM exam


Master Information Security Management. Our team has helped thousands of professionals succeed with advanced certifications like CISSP and CCSP. Now we've taken that same proven approach and tailored it specifically for CISM!


The Easiest Way to Pass Your Advanced in AI Security Management (AAISM) Exam


Master AI Security Leadership. We’ve designed this bootcamp for cybersecurity professionals ready to take their expertise into the AI era. You’ll master practical frameworks for securing real-world AI systems and earn the certification that proves you’re ahead of the curve.


Prepare to Pass CCSP: Get the Right CCSP App


Studying for the CCSP? Big news! We’ve just added 1,000 brand-new questions to our CCSP Exam Prep App—giving you even more ways to test your knowledge and boost your confidence. Whether you're brushing up on cloud security concepts or getting serious about exam day, the updated app is packed with fresh content that reflects the latest exam trends. Study anytime, anywhere, and get one step closer to becoming CCSP certified.

Free CCSP Data Center Design Mini MasterClass


If you’re interested in cloud security, check out our new FREE Mini MasterClass. It digs into data center design.
It’s based on the CCSP certification requirements, but even if you’re not thinking of getting certified, what you learn is very useful in practice if you ever need to deal with data centers.
