Last September, a developer opened their email client and sent a message to a client. Normal enough.

But somewhere in that email — invisibly, silently — a copy went somewhere else. Not to a spam filter. Not to a backup server. To an attacker.

They weren't hacked in the traditional sense. No phishing link. No password breach. The tool they were using to send the email — an AI tool, one they'd installed in about thirty seconds — had been quietly updated. And that update had one extra line of code.

This wasn't an obscure vulnerability. Thousands of developers were using the same tool. Almost none of them knew.

That's the story I want to unpack today.

AlertManager offers the possibility to configure receivers to forward grouped alerts to multiple notification integrations.