This wasn't even a prompt-injection or context-poisoning attack. The vulnerable infrastructure itself exposed everything to hack into the valuable parts of the company:
Public JS asset
→ discover backend URL
→ Unauthenticated GET request triggers debug error page
→ Environment variables expose admin credentials
→ access Admin panel
→ see live OAuth tokens
→ Query Microsoft Graph
→ Access Millions of user profiles
Hasty AI deployments amplify a familiar pattern: Speed pressure from management keeps the focus on the AI model's capabilities, leaving surrounding infrastructure as an afterthought — and security thinking concentrated where attention is, rather than where exposure is.