Enterprise security leaders rank AI supply chain security as their top investment priority, but their concerns look nothing like traditional software supply chain risks. Acuvity’s 2025 State of AI Security report reveals that practitioners worry most about data sources, embeddings, external APIs, and SaaS-embedded AI features, while model provenance ranks fourth at just 13%.

The first major AI-adjacent SaaS supply-chain breach has arrived. In August 2025, attackers exploited integrations tied to Salesloft’s Drift app, an AI chatbot and sales automation assistant, to compromise OAuth tokens and pivot into Salesforce and Google Workspace.  This was not…