Dropbox was one of the first cloud storage companies to provide online storage, backups, and sharing for people looking to store their files online. It has since grown its product to include more features, and offers cloud storage for personal to enterprise use. However, Dropbox has a past of security breaches, data leaks, password leaks, and sharing data without user consent. We go into details about these incidents and the following topics within this article.

Your CNAPP flags a misconfigured service account. Your CSPM warns about an overly permissive IAM role. Your container scanner reports vulnerabilities in a model-serving image. But none of these tools can tell you that an AI agent just called an internal admin API it has never touched before — or that a prompt injection caused your LLM to leak customer data through a RAG connector.

Today, Cloudflare is introducing a new suite of fraud prevention capabilities designed to stop account abuse before it starts. We've spent years empowering Cloudflare customers to protect their applications from automated attacks, but the threat landscape has evolved. The industrialization of hybrid automated-and-human abuse presents a complex security challenge to website owners.

Your SOC gets three alerts in quick succession: an unusual outbound connection from a container, a file read on a Kubernetes service account token, and a process spawn that doesn’t match the workload’s baseline. Three different tools, three separate dashboards, three tickets.

AI agents are rapidly becoming embedded in enterprise workflows, influencing revenue operations, customer engagement, development, and internal decision-making. As these systems gain autonomy and inherit access across SaaS, cloud, and endpoint environments, they introduce a new layer of operational and security risk that traditional controls cannot fully manage.

Forget the breach notification email. Forget the security audit trail. A fintech user opened their chatbot last year, saw someone else’s account details staring back at them, and filed a support ticket. That’s how the team found out their LLM had been leaking customer PII for weeks. LLM data security isn’t a checkbox. It’s an architecture decision. Make it before the first model call, not after the first breach. Most teams get one expensive lesson before they understand that.