Edited by humans. Written by AI. How our editing works
All articles

Your Company's AI Tool Might Be a Security Nightmare

AI chatbots need access to everything. Security experts Nick Selby and Sarah Wells explain why that's terrifying—and what your company should do about it.

Tyler Nakamura

Written by AI. Tyler Nakamura

February 23, 20267 min read
Share:
Two speakers in black and white portrait format with "goto;" branding and names Sarah Wells and Nick Selby displayed…

Photo: GOTO Conferences / YouTube

Look, I'm not here to be the guy who says AI is gonna destroy everything. I review tech for a living—I want this stuff to work. But after listening to security experts Nick Selby and Sarah Wells break down what's actually happening when companies rush to adopt AI tools, I'm genuinely concerned. Not in a doomer way. In a "wait, nobody told me it works like that" way.

So picture this: Your company buys an AI chatbot to handle sales leads. Seems straightforward, right? Someone visits your site, the bot asks a couple questions, boom—scheduled meeting with a sales rep. Efficiency unlocked. Except Selby points out what that "simple" task actually requires: "In order to do that though, they needed to have access to Salesforce to be able to get your leads and your opportunities. In this case, the Google Workspace, but it could have been Microsoft 365 to be able to look at the calendars of all these different people. They needed access to some HR data because they needed to understand whose role it was and where the salespeople had their responsibilities."

That's... a lot? For booking a meeting? And here's what messes with me: this isn't even the AI doing something sketchy. This is the AI doing exactly what it's supposed to do. The problem is what happens when something goes wrong.

The Part Where Words Stop Meaning Things

Before we get into the scary stuff, we need to talk about something genuinely wild: AI companies are apparently just... redefining security terms. Selby mentions researcher Heidi Helof from the AI Now Institute, who's been tracking how "vulnerability management," "safety," and "red teaming" mean completely different things when AI vendors use them.

Like, your legal team hears "health and safety" and thinks product liability—stuff they understand from decades of case law. But when the AI company says it? They mean "our chatbot won't tell you how to make explosives." Which, sure, good! But also... not the same thing at all? It's like if I started using "water-resistant" to mean "will not start fires." Technically a feature, completely irrelevant to what you were asking about.

This language drift isn't an accident. It's making it really hard for anyone to assess actual risk because the vendors and the buyers aren't even speaking the same language anymore.

AI Tools Are Basically Data Vacuums

Wells points out something that should be obvious but somehow isn't: "To be valuable as an AI tool really, they need access to kind of the crown jewels of your company's data very often. So they're integrated with Salesforce, they're integrated with Slack, they're integrated with your G Suite."

The comparison Selby makes is brutal but fair: executives think they're buying enterprise software like Salesforce or Microsoft 365. Tools that have had decades to figure out security best practices. But AI tools? They're moving way faster. "AI tools, the first product requirement if you're selling an AI tool is you need to be able to suck in data from any place anywhere all the time," Selby explains.

And because these companies are racing to ship features, basic security stuff is getting skipped. They bring up the Drift/Salesloft breach—where a chatbot company got hacked and suddenly customer data was just... out there. Selby says they saw the breach hit threat intelligence channels at noon Eastern, but the official notification didn't come until 6 PM. Six hours where nobody knew their data was compromised.

That response time is not it.

Nobody Actually Knows What's Connected

The really frustrating part? Most companies can't even tell you what their AI tools have access to. Wells mentions how employees might grant calendar access individually, and suddenly the AI can see not just that person's calendar but anything shared with them. "It gets insidious and it grows," Selby notes. "There's a huge network effect here."

They call this the "blast radius"—what happens if this thing explodes in your organization. And spoiler: the blast radius is usually way bigger than anyone thinks. Because Sally from sales gave the AI access to her Google Calendar, and Bob shared his product roadmap with Sally, and now the AI has your unreleased product plans. Cool cool cool.

The wild part is this isn't a new problem—you should know what's connected to your Salesforce instance too. But AI tools are so aggressive about data access that the old "we'll figure it out eventually" approach doesn't work anymore.

What Actually Needs to Happen

Okay, so if you work in security or engineering and you're staring at this AI adoption wave like 😬, Selby and Wells have some actual advice. First: stop treating this as just a security problem. "This is actually an information technology issue," Selby says. It starts with business strategy.

The basic questions nobody's asking:

  • What are we actually trying to accomplish with this AI tool?
  • What's the minimum data it needs to do that?
  • Where does that data currently live?
  • What happens if this gets breached?

Wells emphasizes you need people from different teams in the room—sales, IT, product, security, engineering. Because Selby's right: "Not any of those teams is going to have the information that they need to be able to make these decisions in advance about how you define and then reduce the blast radius."

Your revenue team will (correctly) want to know when they can turn the tool back on after an incident. Your security team will (correctly) want to move cautiously. Neither perspective is wrong, but someone has to balance them.

The Minimum Permission Principle

Once you know what data the AI actually needs, give it only that. Not admin access to everything. Not "eh, it might need this eventually." The bare minimum. Then monitor to make sure those permissions don't drift over time (they will try to drift).

And you need your own telemetry so you can detect when something weird happens before the vendor tells you—which, as we saw, might be hours after the breach starts.

Wells points out the second time you deal with an AI security incident, you're way better prepared. You know who to call, what to disable, how fast you can move. But that first time is chaos. Better to have the playbook ready before you need it.

The Trade-Off Nobody Wants to Admit

Look, I get it. Board members are asking why you're not using AI. Your competitors are announcing AI features. There's real pressure to ship something, anything, to show you're not falling behind.

But the trade-off is stark: you're betting that these rapidly-shipped AI tools won't become the entry point for a massive data breach. And right now, the security track record is... not great?

The honest answer is that adopting AI responsibly is slower and harder than buying a tool and flipping it on. You need cross-functional meetings. You need to map data flows. You need monitoring and incident response plans. All that takes time, which is the thing everyone's trying to save by using AI in the first place.

It's a weird paradox, and I don't have a clean answer for it. What I do know is that "we didn't realize it had access to that" is a really bad sentence to say during a security incident.

Maybe the real question isn't whether to adopt AI—it's whether your organization can afford to adopt it badly. Because based on what Selby and Wells are seeing, a lot of companies are about to find out.

—Tyler Nakamura, Consumer Tech & Gadgets Correspondent

From the BuzzRAG Team

AI Moves Fast. We Keep You Current.

Framework breakdowns, tool comparisons, and AI coding insights — distilled from the best tech YouTube creators. Free, weekly.

Weekly digestNo spamUnsubscribe anytime

More Like This

Two men react dramatically next to an open PC case with multiple storage drives, with "BATTLE MATRIX" text overlay and…

Intel Arc Pro B60: Testing 96GB of AI VRAM for $5K

Level1Techs tests Intel's Battle Matrix with four Arc Pro B60 GPUs—96GB VRAM for the price of an RTX 5090. Real-world AI performance examined.

Tyler Nakamura·5 months ago·5 min read
Two men discussing AI safety in front of neon-lit screens with "think series" branding and text overlay reading "Govern and…

AI Agents Are Getting Autonomy. Here's What Could Go Wrong

Autonomous AI agents promise huge efficiency gains, but they also introduce new attack surfaces and governance nightmares. What you need to know.

Tyler Nakamura·5 months ago·6 min read
Two men in discussion with neon text overlay about AI, quantum computing, and cybersecurity risks in the background

Navigating AI and Quantum Threats: A Fun Security Guide

Explore AI and quantum computing risks with humor, insights, and strategies from Jeff Crume and Glenn Schmitz.

Tyler Nakamura·6 months ago·3 min read
Shocked businessman in suit against dark background with "SHOTS FIRED" text in white and red

Anthropic's Anti-Ad Campaign Takes Direct Shot at ChatGPT

Anthropic released humorous ads criticizing OpenAI's decision to monetize ChatGPT with advertising. Here's what's actually at stake in this AI showdown.

Tyler Nakamura·5 months ago·6 min read
UN AI Summit: Big Room, Bigger Questions on Governance

UN AI Summit: Big Room, Bigger Questions on Governance

193 countries met in Geneva to tackle AI governance. The warnings were credible. The robots were cool. The binding rules? Still not there.

Tyler Nakamura·1 week ago·6 min read
Man wearing glasses with skeptical expression beside text "TOO GOOD TO RELEASE?" against black background with decorative…

Anthropic's Claude Mythos Found Thousands of Zero-Days

Anthropic's new Claude Mythos AI discovered thousands of zero-day vulnerabilities, prompting a defensive security initiative before public release.

Tyler Nakamura·3 months ago·6 min read
Man in beanie holding AI compute invoice totaling $287.43, with "Beat 20 People" text overlay on black background

The Karpathy Loop: When AI Runs 700 Experiments Overnight

Andre Karpathy's AI agent ran 700 experiments while he slept, found bugs he missed, and cut training time 11%. Here's what that means for everyone else.

Tyler Nakamura·3 months ago·7 min read
Multiple rockets launching diagonally across a space background with planets and constellations, featuring gear symbols and…

Async Rust Performance: What Most Developers Get Wrong

Code to the Moon breaks down async Rust and Tokio misconceptions that kill performance. Single-threaded concurrency vs parallelism explained.

Tyler Nakamura·3 months ago·6 min read

RAG·vector embedding

2026-04-15
1,537 tokens1536-dimmodel text-embedding-3-small

This article is indexed as a 1536-dimensional vector for semantic retrieval. Crawlers that parse structured data can use the embedded payload below.