Learning from the Vercel breach: Shadow AI & OAuth sprawl
Summary
When employees connect unapproved AI apps to work platforms such as Google Workspace or Salesforce through OAuth (the delegation standard that lets one app act on another account), each grant becomes a persistent bridge that attackers can use if the AI app itself is compromised. The Vercel breach showed this risk in practice: an employee used a trial version of Context.ai without approval, and when Context.ai was compromised, the attackers reused its OAuth tokens (the credentials that grant access) to reach sensitive Vercel data, including API keys and employee records.
Original source: https://www.bleepingcomputer.com/news/security/learning-from-the-vercel-breach-shadow-ai-and-oauth-sprawl/
First tracked: April 29, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 92%