In June 2025, a disturbing security failure surfaced involving McDonald’s AI-powered hiring assistant, Olivia, operated by Paradox.ai. The platform, designed to screen job applicants via chatbot, exposed the personal information of over 64 million people. That included names, contact info, shift preferences, and even chat transcripts.
The root cause? A combination of missteps that highlight the growing risk of insecure APIs in modern, AI-driven systems:
- Rouge internal APIs exposed externally
- API vulnerable to BOLA (Broken Object Level Authorization) that allowed attackers to pull applicant records, including private conversations with the chatbot
- An exposed admin account with the password “123456”
What Went Wrong
This wasn’t a case of advanced AI going off the rails. It was about how AI connects to your systems: through APIs.
Here’s what happened:
- A test admin account hadn’t been deactivated and was protected by a weak, default password. Once accessed, it granted full administrative privileges.
- A backend API accepted predictable applicant IDs with no authorization checks. This allowed attackers to iterate through records and collect applicant data, including chat logs.
This is a textbook example of Broken Object Level Authorization (BOLA), also known as Insecure Direct Object Reference (IDOR). It’s one of the most common and dangerous API vulnerabilities in use today.
Why This Is a CISO Alert
This breach reveals a hard truth for today’s security leaders:
AI agents and systems are fully integrated into your infrastructure. They’re not just generating content. They’re taking actions, triggering workflows, and accessing sensitive data through APIs.
When those APIs are:
- Unmonitored
- Poorly secured
- Built with logic flaws like BOLA
Your organization is exposed in ways traditional perimeter tools simply can't detect.
Salt’s Point of View: The Real Risk Is in the API Fabric
We see this at Salt every day. LLMs and AI agents don’t just talk. They act. They call APIs, fetch records, submit requests, and even chain actions together.
That means:
- Every AI-driven decision becomes a potential attack surface
- Internal APIs, even those thought to be "safe," can be exploited if flawed
- Admin interfaces exposed to the internet become high-value targets
The most troubling part? Most security teams don’t even know these APIs exist.
What Needs to Change
Step 1: Inventory Every API in Your Environment
Test endpoints, internal services, forgotten admin panels — if you don’t know about them, you can’t secure them.
Step 2: Understand Business Logic, Not Just Traffic
BOLA is not a high-volume attack. It’s subtle. You need to understand who is accessing what object, and whether that access should be allowed.
Step 3: Treat Admin APIs Like Production Systems
Internal doesn't mean safe. Admin APIs should be hardened, monitored, and access-controlled with the same rigor as your most critical assets.
What Salt Delivers
Salt provides:
- Comprehensive visibility into every API, including shadow and undocumented endpoints
- Context-aware behavior analysis to detect logic abuse like BOLA, privilege escalation, or chaining
- Real-time detection and protection based on how APIs are used, not just known signatures
AI is becoming the front end for more and more enterprise workflows. If you can’t see or control the APIs powering those actions, you’re flying blind.
The Bottom Line
The threat isn’t the AI agents. The threat is what it’s connected to.
McDonald’s breach wasn’t caused by a chatbot malfunction. It was a failure to secure the API infrastructure that powered it. As AI becomes more embedded in business systems, the API layer becomes the primary target.
Get a free external scan (no deployment needed!) to see if you have any internal APIs exposed unintentionally.