Your Company's AI Tool Might Be a Security Nightmare

Look, I'm not here to be the guy who says AI is gonna destroy everything. I review tech for a living—I want this stuff to work. But after listening to security experts Nick Selby and Sarah Wells break down what's actually happening when companies rush to adopt AI tools, I'm genuinely concerned. Not in a doomer way. In a "wait, nobody told me it works like that" way.

So picture this: Your company buys an AI chatbot to handle sales leads. Seems straightforward, right? Someone visits your site, the bot asks a couple questions, boom—scheduled meeting with a sales rep. Efficiency unlocked. Except Selby points out what that "simple" task actually requires: "In order to do that though, they needed to have access to Salesforce to be able to get your leads and your opportunities. In this case, the Google Workspace, but it could have been Microsoft 365 to be able to look at the calendars of all these different people. They needed access to some HR data because they needed to understand whose role it was and where the salespeople had their responsibilities."

That's... a lot? For booking a meeting? And here's what messes with me: this isn't even the AI doing something sketchy. This is the AI doing exactly what it's supposed to do. The problem is what happens when something goes wrong.

The Part Where Words Stop Meaning Things

Before we get into the scary stuff, we need to talk about something genuinely wild: AI companies are apparently just... redefining security terms. Selby mentions researcher Heidi Helof from the AI Now Institute, who's been tracking how "vulnerability management," "safety," and "red teaming" mean completely different things when AI vendors use them.

Like, your legal team hears "health and safety" and thinks product liability—stuff they understand from decades of case law. But when the AI company says it? They mean "our chatbot won't tell you how to make explosives." Which, sure, good! But also... not the same thing at all? It's like if I started using "water-resistant" to mean "will not start fires." Technically a feature, completely irrelevant to what you were asking about.

This language drift isn't an accident. It's making it really hard for anyone to assess actual risk because the vendors and the buyers aren't even speaking the same language anymore.

AI Tools Are Basically Data Vacuums

Wells points out something that should be obvious but somehow isn't: "To be valuable as an AI tool really, they need access to kind of the crown jewels of your company's data very often. So they're integrated with Salesforce, they're integrated with Slack, they're integrated with your G Suite."

The comparison Selby makes is brutal but fair: executives think they're buying enterprise software like Salesforce or Microsoft 365. Tools that have had decades to figure out security best practices. But AI tools? They're moving way faster. "AI tools, the first product requirement if you're selling an AI tool is you need to be able to suck in data from any place anywhere all the time," Selby explains.

And because these companies are racing to ship features, basic security stuff is getting skipped. They bring up the Drift/Salesloft breach—where a chatbot company got hacked and suddenly customer data was just... out there. Selby says they saw the breach hit threat intelligence channels at noon Eastern, but the official notification didn't come until 6 PM. Six hours where nobody knew their data was compromised.

That response time is not it.

Nobody Actually Knows What's Connected

The really frustrating part? Most companies can't even tell you what their AI tools have access to. Wells mentions how employees might grant calendar access individually, and suddenly the AI can see not just that person's calendar but anything shared with them. "It gets insidious and it grows," Selby notes. "There's a huge network effect here."

They call this the "blast radius"—what happens if this thing explodes in your organization. And spoiler: the blast radius is usually way bigger than anyone thinks. Because Sally from sales gave the AI access to her Google Calendar, and Bob shared his product roadmap with Sally, and now the AI has your unreleased product plans. Cool cool cool.

The wild part is this isn't a new problem—you should know what's connected to your Salesforce instance too. But AI tools are so aggressive about data access that the old "we'll figure it out eventually" approach doesn't work anymore.

What Actually Needs to Happen

Okay, so if you work in security or engineering and you're staring at this AI adoption wave like 😬, Selby and Wells have some actual advice. First: stop treating this as just a security problem. "This is actually an information technology issue," Selby says. It starts with business strategy.

The basic questions nobody's asking:

• What are we actually trying to accomplish with this AI tool?
• What's the minimum data it needs to do that?
• Where does that data currently live?
• What happens if this gets breached?

Wells emphasizes you need people from different teams in the room—sales, IT, product, security, engineering. Because Selby's right: "Not any of those teams is going to have the information that they need to be able to make these decisions in advance about how you define and then reduce the blast radius."

Your revenue team will (correctly) want to know when they can turn the tool back on after an incident. Your security team will (correctly) want to move cautiously. Neither perspective is wrong, but someone has to balance them.

The Minimum Permission Principle

Once you know what data the AI actually needs, give it only that. Not admin access to everything. Not "eh, it might need this eventually." The bare minimum. Then monitor to make sure those permissions don't drift over time (they will try to drift).

And you need your own telemetry so you can detect when something weird happens before the vendor tells you—which, as we saw, might be hours after the breach starts.

Wells points out the second time you deal with an AI security incident, you're way better prepared. You know who to call, what to disable, how fast you can move. But that first time is chaos. Better to have the playbook ready before you need it.

The Trade-Off Nobody Wants to Admit

Look, I get it. Board members are asking why you're not using AI. Your competitors are announcing AI features. There's real pressure to ship something, anything, to show you're not falling behind.

But the trade-off is stark: you're betting that these rapidly-shipped AI tools won't become the entry point for a massive data breach. And right now, the security track record is... not great?

The honest answer is that adopting AI responsibly is slower and harder than buying a tool and flipping it on. You need cross-functional meetings. You need to map data flows. You need monitoring and incident response plans. All that takes time, which is the thing everyone's trying to save by using AI in the first place.

It's a weird paradox, and I don't have a clean answer for it. What I do know is that "we didn't realize it had access to that" is a really bad sentence to say during a security incident.

Maybe the real question isn't whether to adopt AI—it's whether your organization can afford to adopt it badly. Because based on what Selby and Wells are seeing, a lot of companies are about to find out.

—Tyler Nakamura, Consumer Tech & Gadgets Correspondent