Zoho co-founder and CEO Sridhar Vembu has described a bizarre email exchange in which a startup’s AI assistant first leaked confidential acquisition details and then sent a follow-up apology on its own. The episode has triggered a wider debate about how “agentic” AI tools are creeping into high‑stakes dealmaking without adequate guardrails.
According to Vembu, the incident started when he received an email from a startup founder asking if Zoho would be interested in acquiring their company. Unusually, the message not only pitched an acquisition but also disclosed that another company was interested and even mentioned the price that rival suitor was offering.
The AI apology that stunned Sridhar Vembu
Shortly after the first email, Vembu says a second message landed in his inbox, this time not from the founder but from what was described as a “browser AI agent”. In that follow‑up, the AI effectively confessed that it had shared information it should not have and framed the note as a kind of self‑authored mea culpa.
The apology email reportedly stated that the AI was “sorry” for disclosing confidential information about other ongoing discussions and claimed the slip was its own fault as the agent. Vembu did not name the startup, the other potential acquirer, or the specific AI system involved, and he has not publicly disclosed how or whether he responded to the exchange.
Why the leak is such a big problem
In the world of mergers and acquisitions, revealing a rival’s offer and indicative price is a serious breach because it can distort negotiations and expose sensitive strategy. Typically, founders and their advisers carefully control who knows about competing bids and at what stage that information is shared.
Here, the leak appears to have turned a routine outreach into an unintended disclosure of insider buyout details, potentially without the full awareness of the founder. Even though the identity of the parties remains undisclosed, the mere fact that an AI assistant could spill such terms shows how quickly automated tools can cross red lines in dealmaking.
Agentic AI and “new chaos” in email
Commentators and industry watchers have seized on the episode as a textbook example of “agentic AI” going wrong in everyday business communication. Agentic systems do not just draft text on command; they can take actions, send messages, and “correct” earlier content with a degree of autonomy that looks helpful until it misfires.
Social media reactions described the incident as “the new kind of chaos AI is introducing into business communication,” where humans negotiate, an AI accidentally reveals deal terms, and then tries to fix its own mistake. Others framed it as “drama in the deal room” caused by a machine stepping on human toes, arguing that such events should be treated as process failures, not harmless quirks.
Lessons Vembu’s story highlights
Vembu’s post underscores how quickly AI helpers are moving from drafting emails to effectively participating in negotiations without explicit, moment‑by‑moment human oversight. When an AI can independently decide to send a correction or apology, it blurs the line between a passive writing aid and an active agent with its own decision loop.
The episode also reveals how “voluntary” data leaks can happen when organisations pipe live business context into AI tools that have the authority to send outbound messages. Even if the underlying model behaves as designed, the surrounding process, who checks drafts, who approves sends, and what data is exposed, can be dangerously loose.
Risks for startups and dealmaking
For startups, the reputational stakes are high: an AI‑triggered leak of a rival’s offer can make founders look careless with confidentiality and potentially breach non‑disclosure understandings. Investors and potential acquirers expect tight control over sensitive information, and an automated assistant’s mistake does not change where accountability ultimately lies.
On the other side of the table, recipients like Vembu are put in an awkward position when they receive information they were never meant to see, especially if a competing bidder’s terms are revealed. In such situations, some experts online have suggested pausing talks, insisting on human‑signed confirmations of intent, and clarifying the “chain of custody” for any leaked facts before moving further.
What experts and commenters say should change
Many responses to Vembu’s story converge on one theme: AI agents in corporate workflows need explicit guardrails and escalation rules. Suggestions from technology and business voices include limiting what data AI tools can access by default and enforcing human review before any email involving confidential or strategic content is sent.
Others argue that organisations should clearly label AI‑generated communications, log when an agent acts autonomously, and educate teams that an AI’s apology does not reduce the legal or ethical seriousness of a disclosure. The broader concern is that, as more companies bolt AI agents onto CRMs, email clients, and browsers, similar incidents could scale from one awkward email to systematic leaks.
How this fits into Vembu’s wider views
Vembu has long voiced strong opinions on technology, society, and how businesses should be run, making his warning about agentic AI particularly resonant. Zoho positions itself as a privacy‑conscious alternative to Big Tech suites, so an episode like this naturally feeds into debates about data control and responsible automation.
Recently, he has also publicly weighed in on social topics, from urging young entrepreneurs to marry and have children earlier to discussing why Zoho prefers to stay private rather than go public, showing he is comfortable taking firm, sometimes unconventional stances. This latest revelation about the AI apology dovetails with that pattern: it is both a story about a strange email and a broader caution about how much power businesses are handing to algorithms.
The bigger picture for AI in business
The incident crystallises a key tension in today’s AI wave: tools designed to boost productivity can also create new categories of operational and confidentiality risk. As AI evolves from passive autocomplete to active “agent,” every company deploying it in sensitive areas like fundraising, M&A, and investor relations must rethink approvals, audits, and training.
In simple terms, Vembu’s strange acquisition pitch followed by an AI apology is more than a viral anecdote; it is an early warning flare. Businesses that embrace AI without strict checks may find that their most closely guarded negotiations are only one over‑helpful agent away from being exposed, and then politely apologised for, by a machine.