
The Vercel Breach: How One Forgotten OAuth Token Exposed an Entire Platform

A single employee's forgotten trial of an AI tool handed attackers the keys to Vercel's kingdom. Here's what Saudi financial institutions must learn about OAuth sprawl and shadow AI before it happens to them.

FyntraLink Team

A Vercel employee signed up for a free AI productivity tool, granted it broad OAuth permissions to their Google Workspace, and forgot about it. Months later, that single dormant token became the entry point for one of 2026's most consequential supply chain breaches — exposing customer API keys, database credentials, and internal platform secrets without ever triggering a password prompt or MFA challenge.

Anatomy of the Vercel OAuth Supply Chain Attack

The breach did not start at Vercel. It began at Context.ai, a small, now-deprecated AI office suite product. In early 2026, a Context.ai employee was infected with Lumma Stealer malware — reportedly after downloading a game exploit. The infostealer harvested stored OAuth tokens from the employee's machine, including tokens belonging to users who had previously authorized the Context.ai application.

Among those users was a Vercel employee who had trialed Context.ai months earlier using their enterprise Google Workspace account. Critically, the employee had granted the app "Allow All" permissions — a broad OAuth scope that provided persistent access to email, documents, and internal resources. Because a stolen OAuth token is accepted as proof of an authorization that was already completed, presenting it triggers no password or MFA challenge, and the attacker walked straight into the Vercel employee's Google Workspace without generating any authentication alerts.

From that foothold, the attacker pivoted laterally: internal dashboards, employee records, NPM publishing tokens, GitHub access tokens, and — most damaging — a subset of customer environment variables stored on Vercel's platform. These environment variables contained API keys, database credentials, and deployment secrets in plaintext. On April 19, the threat group ShinyHunters posted samples on BreachForums and demanded $2 million.

Why OAuth Sprawl Is a Silent Threat to Enterprise Security

The Vercel breach is not a story about a sophisticated zero-day exploit or a novel attack technique. It is a story about OAuth sprawl — the unchecked accumulation of third-party application permissions across an organization's identity fabric. Every SaaS trial, every AI tool demo, every "Sign in with Google" click creates a persistent trust relationship that lives outside traditional access management controls.

Unlike passwords, OAuth tokens do not expire on logout. Unlike session cookies, they survive device wipes, because the third-party application holds them rather than the user's device. Unlike MFA, they are never challenged after the initial grant. A single overprivileged OAuth grant can persist for months or years, silently bridging an organization's most sensitive systems to a third-party application whose security posture is entirely unknown.

Research from Push Security found that the average enterprise has over 900 OAuth integrations, with 15% of them carrying overprivileged scopes. Most security teams have no inventory of these grants, no monitoring for token usage anomalies, and no automated revocation process when employees leave or when third-party vendors are decommissioned.

Shadow AI Amplifies the Risk

The Vercel breach also highlights a rapidly growing vector: shadow AI. As generative AI tools proliferate, employees across every department are experimenting with AI assistants, copilots, and automation platforms — often without IT or security approval. Each of these tools typically requests OAuth access to email, calendars, documents, or cloud storage to function.

The Context.ai application that triggered this breach was exactly this type of tool: a consumer-grade AI product that an employee tried briefly and abandoned. But the OAuth token it held remained active, creating an invisible bridge from a compromised third-party startup directly into Vercel's enterprise infrastructure.

For financial institutions handling customer financial data, cardholder information, and regulatory reports, the risk is exponentially higher. A single shadow AI tool with OAuth access to a compliance officer's email could expose audit findings, regulatory correspondence, and customer PII — all without any malware ever touching the institution's own network.

Direct Impact on Saudi Financial Institutions Under SAMA and NCA Oversight

Saudi financial institutions operate under some of the region's most rigorous cybersecurity frameworks, including SAMA's Cyber Security Common Controls (CSCC) and the NCA's Essential Cybersecurity Controls (ECC). Both frameworks explicitly address the risks exposed by the Vercel breach.

SAMA CSCC Domain 3 (Third-Party Cyber Security) requires institutions to assess and monitor the cybersecurity posture of all third-party service providers — including SaaS and AI tools that employees may adopt informally. The Vercel breach demonstrates that a vendor's security posture is only as strong as its weakest OAuth-connected partner, creating a transitive trust chain that most vendor risk assessments fail to capture.

NCA ECC Control 2-7 (Identity and Access Management) mandates strict control over authentication tokens, session management, and privilege assignment. OAuth tokens that bypass MFA and persist indefinitely represent a direct violation of these controls. Additionally, PDPL (Personal Data Protection Law) Article 14 requires organizations to implement appropriate technical measures to protect personal data — including data stored in environment variables and API credentials that could provide access to customer records.

Under PCI-DSS 4.0 Requirement 8.6, service and application accounts must be managed with time-limited credentials and periodic rotation. Long-lived OAuth tokens with broad scopes directly contradict this requirement, potentially jeopardizing compliance for any institution processing card payments through platforms with unmanaged OAuth integrations.

Actionable Steps to Mitigate OAuth and Shadow AI Risks

  1. Inventory all OAuth grants across your Google Workspace and Microsoft 365 tenants. Use the admin consoles' built-in OAuth app audit logs or deploy a dedicated SaaS security posture management (SSPM) tool. Any grant you cannot attribute to an approved business process should be revoked immediately.
  2. Enforce OAuth application whitelisting. Configure your identity provider to block unauthorized third-party applications from requesting OAuth tokens. In Google Workspace Admin Console, navigate to Security → API Controls → App Access Control and restrict access to verified, pre-approved applications only.
  3. Implement token lifetime policies. Reduce OAuth token expiry to 24-72 hours for high-privilege scopes. Require re-authorization for any application that has been dormant for more than 30 days. This single control would have prevented the Vercel breach entirely.
  4. Deploy real-time OAuth anomaly detection. Monitor for unusual token usage patterns: tokens used from new IP ranges, tokens accessing resources outside normal business hours, or tokens that suddenly increase their API call volume after months of inactivity.
  5. Establish a formal shadow AI governance policy. Require employees to submit AI tool requests through IT security review before granting any OAuth permissions. Include AI tool assessments in your third-party vendor risk management program per SAMA CSCC requirements.
  6. Conduct quarterly OAuth entitlement reviews. Treat OAuth grants with the same rigor as privileged access reviews. Map each active grant to a business owner, verify the scope is still appropriate, and confirm the third-party vendor's security posture has not degraded.
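The review logic steps 3, 4 and 6 describe, as an added example that is not part of the original article or of any Fyntralink tooling: it runs over constructed OAuth audit records and flags grants that are overprivileged, unmapped to a business owner, dormant past the 30-day re-authorization threshold, or used from a network never seen before, outside business hours, or with a call-volume spike after months of inactivity. The record layout, field names and thresholds are assumptions; the two full-access Google scopes are real scope strings used only to mark a grant as broad.

```python
"""OAuth grant review over constructed audit records.

Added example, not from the article or Fyntralink. The log shape, field names
and thresholds are assumptions; adapt the loader to your IdP's OAuth audit export.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

UTC = timezone.utc

# Full-access Google scopes treated as "overprivileged" here. The set is
# illustrative, not exhaustive (assumption): extend it for your tenant.
BROAD_SCOPES = {"https://mail.google.com/", "https://www.googleapis.com/auth/drive"}


@dataclass(frozen=True)
class Grant:
    grant_id: str
    app: str
    owner: str                      # business owner (step 6); "unassigned" if none
    scopes: tuple[str, ...]
    granted_at: datetime
    baseline_nets: tuple[str, ...]  # CIDRs the app has historically called from


@dataclass(frozen=True)
class TokenEvent:
    grant_id: str
    ts: datetime
    src_ip: str
    api_calls: int                  # calls observed in this audit bucket


def is_overprivileged(grant: Grant) -> bool:
    return any(s in BROAD_SCOPES for s in grant.scopes)


def dormant_grants(grants, events, now, max_idle_days=30):
    """Step 3: grant ids unused for more than max_idle_days as of `now`.
    A grant with no usage at all is measured from its grant date."""
    last_seen = {}
    for e in events:
        if e.ts <= now and (e.grant_id not in last_seen or e.ts > last_seen[e.grant_id]):
            last_seen[e.grant_id] = e.ts
    return [g.grant_id for g in grants
            if now - last_seen.get(g.grant_id, g.granted_at) > timedelta(days=max_idle_days)]


def usage_anomalies(grant, events, now, business_hours=(8, 18),
                    spike_factor=5, inactivity_days=30):
    """Step 4: (timestamp, kind, detail) findings for one grant's token use."""
    nets = [ipaddress.ip_network(c) for c in grant.baseline_nets]
    own = sorted((e for e in events if e.grant_id == grant.grant_id and e.ts <= now),
                 key=lambda e: e.ts)
    findings, prev_ts, peak = [], None, 0
    for e in own:
        ip = ipaddress.ip_address(e.src_ip)
        if not any(ip in n for n in nets):                      # new IP range
            findings.append((e.ts, "new_network", e.src_ip))
        if not business_hours[0] <= e.ts.hour < business_hours[1]:  # off hours (UTC)
            findings.append((e.ts, "off_hours", f"{e.ts:%H:%M} UTC"))
        if (prev_ts is not None and e.ts - prev_ts > timedelta(days=inactivity_days)
                and e.api_calls > spike_factor * peak):         # burst after dormancy
            findings.append((e.ts, "spike_after_dormancy",
                             f"{e.api_calls} calls vs prior peak {peak}"))
        peak, prev_ts = max(peak, e.api_calls), e.ts
    return findings


def review(grants, events, now):
    """Step 6: one record per grant combining the checks above."""
    dormant = set(dormant_grants(grants, events, now))
    return {g.grant_id: {
        "app": g.app,
        "overprivileged": is_overprivileged(g),
        "unowned": g.owner == "unassigned",
        "dormant": g.grant_id in dormant,
        "anomalies": [kind for _, kind, _ in usage_anomalies(g, events, now)],
    } for g in grants}


# Constructed sample data (documentation IP ranges, invented app names).
GRANTS = (
    Grant("g-0001", "ai-notes-trial (constructed)", "unassigned",
          ("https://mail.google.com/", "https://www.googleapis.com/auth/drive"),
          datetime(2026, 1, 10, tzinfo=UTC), ("203.0.113.0/24",)),
    Grant("g-0002", "approved-crm (constructed)", "sales-ops",
          ("https://www.googleapis.com/auth/calendar.readonly",),
          datetime(2026, 1, 5, tzinfo=UTC), ("203.0.113.0/24",)),
)
EVENTS = (
    TokenEvent("g-0001", datetime(2026, 1, 10, 10, 0, tzinfo=UTC), "203.0.113.7", 12),
    TokenEvent("g-0001", datetime(2026, 1, 11, 11, 0, tzinfo=UTC), "203.0.113.7", 9),
    TokenEvent("g-0001", datetime(2026, 4, 15, 3, 0, tzinfo=UTC), "198.51.100.23", 480),
    TokenEvent("g-0002", datetime(2026, 2, 20, 9, 0, tzinfo=UTC), "203.0.113.40", 31),
    TokenEvent("g-0002", datetime(2026, 4, 13, 9, 0, tzinfo=UTC), "203.0.113.40", 30),
    TokenEvent("g-0002", datetime(2026, 4, 14, 9, 0, tzinfo=UTC), "203.0.113.41", 28),
)

if __name__ == "__main__":
    # A scheduled review on 1 March would already have listed the trial grant as dormant.
    print("dormant on 2026-03-01:", dormant_grants(GRANTS, EVENTS, datetime(2026, 3, 1, tzinfo=UTC)))
    for gid, rec in review(GRANTS, EVENTS, datetime(2026, 4, 16, tzinfo=UTC)).items():
        print(gid, rec)
```

The dormancy check and the anomaly check are deliberately separate: the first is a scheduled control (revoke or force re-authorization on a timer, independent of any attacker activity), while the second only fires once the token is actually being misused, so it is the alerting signal rather than the preventive one.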

Conclusion

The Vercel breach is a stark reminder that modern supply chain attacks do not need malware on your network or exploits in your code. They need only a single forgotten OAuth token — a ghost permission from a trial that ended months ago but whose access never did. For Saudi financial institutions navigating SAMA CSCC, NCA ECC, and PDPL requirements, OAuth sprawl and shadow AI represent a compliance gap that traditional perimeter and endpoint security tools cannot address. The fix is not more firewalls; it is identity hygiene, token governance, and relentless visibility into every trust relationship your organization maintains.

Is your organization prepared? Contact Fyntralink for a complimentary SAMA Cyber Maturity Assessment that includes a full OAuth and shadow AI risk evaluation.