MFA stops many interactive logins, but it does not govern what happens after a user authorizes a third-party app. If attackers obtain OAuth tokens, they can use legitimate API paths without repeating the login step. The control gap is in delegated authorization and token lifecycle management, not just authentication strength.
Why This Matters for Security Teams
MFA creates a strong barrier at login, but token-based SaaS attacks bypass that moment entirely. Once a user approves an OAuth app or an attacker steals a bearer token, the service often treats the request as already trusted. That means the real risk sits in delegated authorization, consent abuse, and token lifetime, not in password strength alone. NHI security teams see this pattern repeatedly in incidents tied to stolen sessions and API access, including the Salesloft OAuth token breach and the wider breach patterns tracked in The 52 NHI breaches Report.
This matters because SaaS platforms increasingly expose rich APIs, background workflows, and connected apps that can act with broad user-scoped privilege. The attacker does not need to defeat MFA again if the token is still valid. Current guidance from CISA cyber threat advisories consistently points toward token theft, session hijacking, and consent abuse as major paths around interactive controls. In practice, many security teams discover this only after an approved app has already been used to move laterally or exfiltrate data, rather than through intentional login failure.
How It Works in Practice
Most SaaS token attacks follow a simple sequence. First, the user grants consent to a third-party app, often during a normal workflow. Then the attacker either steals the token from a compromised endpoint, abuses a malicious app registration, or extracts it from logs, browser storage, or a misconfigured integration. After that, the token can be replayed against API endpoints until it expires or is revoked. MFA does not re-run for those calls because the platform is validating delegated authorization, not interactive identity proof.
That is why the defensive focus has to move from “did the user log in?” to “what exactly can this token do, for how long, and under what conditions?” A practical control set usually includes:
- Short token lifetimes and strict refresh token handling, so stolen credentials age out quickly.
- Consent review and app allowlisting, so users cannot silently grant broad access.
- Scope minimization, so an app gets only the API permissions it truly needs.
- Continuous token and session revocation, especially after risk events or offboarding.
- Audit logging that ties API use back to the delegated principal, not just the human account.
NHI-specific research shows why this matters. GitGuardian’s Guide to the Secret Sprawl Challenge highlights how widely secrets and tokens spread across modern tooling, while Top 10 NHI Issues frames token lifecycle weakness as a core identity failure, not just a hygiene issue. For implementation detail, MITRE ATLAS adversarial AI threat matrix and NIST guidance on identity assurance both reinforce the need to treat machine-mediated access as a governed workflow. These controls tend to break down when legacy SaaS tenants allow broad offline access, long-lived refresh tokens, or weak admin visibility into connected apps.
Common Variations and Edge Cases
Tighter token governance often increases friction for users and administrators, so organisations have to balance security against workflow disruption. That tradeoff becomes especially visible in environments with high app churn, vendor-managed integrations, or business units that rely on ad hoc OAuth consent.
There is no universal standard for this yet, but current guidance suggests treating these cases differently rather than forcing one control model everywhere. Service-to-service integrations should use workload identity and short-lived credentials where possible, while user-authorized SaaS apps should be constrained by intent, scope, and time. Where the platform supports it, step-up approval for high-risk scopes is useful, but it should not be mistaken for a complete fix.
Edge cases also matter. Some tokens are bound to device, some are bearer-only, and some SaaS ecosystems allow offline access that survives endpoint remediation. In regulated or heavily integrated environments, the real challenge is usually not one stolen token, but a chain of approved access paths that were never designed for rapid revocation. Best practice is evolving toward continuous evaluation, least-privilege scopes, and rapid token invalidation across the identity stack, with Anthropic — first AI-orchestrated cyber espionage campaign report underscoring how quickly legitimate access can be weaponised once trust is established.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 and CSA MAESTRO address the attack and risk surface, while NIST AI RMF set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-03 | Token lifecycle weakness is a core NHI credential risk. |
| CSA MAESTRO | MAESTRO covers governance for agentic and delegated machine access. | |
| NIST AI RMF | AI RMF supports risk-based control of autonomous, tool-using systems. |
Constrain app consent, scope, and runtime approval for non-human access paths.
