Vercel Incident Demonstrates OAuth Token Abuse in AI‑Tool Integration

In early March 2024, Vercel’s security team detected unusual activity in internal repositories linked to a third‑party AI service. Investigation revealed that an employee had connected the AI tool to Vercel via OAuth, granting it broad access to code repositories and configuration files. The AI tool’s token was later stolen, likely through a phishing campaign targeting the employee’s personal account, and the attacker replayed the token to move laterally.

The breach involved no malware, zero‑day vulnerability, or direct exploitation of Vercel’s infrastructure. Instead, attackers abused a valid OAuth access token (MITRE ATT&CK T1550.001) that had been granted to the AI tool. Using that token, they accessed internal source code, environment variables, and build logs, but Vercel stated no customer data or production systems were compromised. The scope was limited to a handful of internal projects, and the incident was contained within hours of detection.

The event underscores a shift in SaaS security where the perimeter is defined by granted access rather than network boundaries. As AI‑driven tools proliferate, organizations accumulate numerous OAuth grants that are rarely reviewed, creating standing privileges that attackers can hijack. Security teams must treat token legitimacy as a continuous control, not a one‑time grant.

Rotate and shorten the lifespan of OAuth tokens, enforce token binding to specific devices, and require re‑authorization after a set period. Implement centralized inventory of all OAuth grants and automate removal of unused or over‑privileged tokens. Enable anomaly detection for token usage patterns (e.g., sudden access from unfamiliar IPs) and alert on privilege escalation attempts (MITRE T1078.004). Finally, enforce MFA and conditional access policies for any account that can approve OAuth connections.