Vercel Employee's AI Tool Access Led to Data Breach

Summary

A Vercel employee's credentials were compromised, granting attackers access to AI tools and the ability to steal OAuth tokens that led to a data breach. Security researchers highlight that stolen OAuth tokens have become a primary attack vector for lateral movement and unauthorized access. The incident underscores the expanding attack surface created by AI-assisted development tools and token-based authentication.

Indicators of Compromise

• malware — OAuth token theft

Entities