TL;DR: Third-party OAuth applications can preserve access after password resets and MFA enforcement, turning account takeover into delegated app abuse rather than simple credential theft, according to Proofpoint’s analysis of the April 2026 Vercel incident. The control problem is not just login security, but governance over which apps can act on behalf of users and how long those grants remain valid.
At a glance
What this is: This analysis shows how third-party OAuth apps can create durable access paths that survive normal authentication recovery steps and enable account takeover through trusted application grants.
Why it matters: IAM, IGA, PAM, and NHI teams need to govern delegated access as aggressively as credentials, because OAuth grants can outlive password resets, MFA changes, and user awareness.
By the numbers:
- When AWS credentials are exposed publicly, attackers attempt access within an average of 17 minutes and as quickly as 9 minutes in some cases.
👉 Read Proofpoint's analysis of the Vercel OAuth incident and persistent access paths
Context
Third-party OAuth applications change the identity problem from password-centric authentication to delegated access governance. Once a user authorises an app, that app can continue to act within the enterprise environment using tokens and granted scopes, even when the original account is later reset or hardened.
The April 2026 Vercel incident illustrates a common cloud governance failure pattern: a trusted application path can become the attacker’s persistence layer. That makes third-party app approval, permission scope review, and token revocation part of identity security, not a separate SaaS hygiene task.
For IAM and NHI programmes, the lesson is simple. If an external app can act with enterprise authority, it needs lifecycle control, risk classification, and detection coverage comparable to other privileged identities. That starting position is typical in modern SaaS environments, not an edge case.
Key questions
Q: How should security teams govern OAuth apps that have access to developer systems?
A: Security teams should treat OAuth apps as privileged NHIs and inventory them continuously, not just at approval time. Each app needs an owner, a business justification, a scope review, and a revocation path. The key test is downstream reach, because a single delegated identity can expose source code, secrets, or deployment workflows if it is overprivileged or forgotten.
Q: Why are OAuth tokens risky even when MFA is enforced for users?
A: MFA protects the user login, but OAuth tokens can keep working after the initial approval without repeated user authentication. If the token is long-lived or refreshable, access may persist independently of the user’s password changes, role changes, or departure from the organisation.
Q: What breaks when organisations do not review third-party app permissions?
A: What breaks is visibility into who can act with enterprise authority outside normal login flows. Unreviewed permissions create durable access paths, broaden the attack surface, and make it difficult to detect when a legitimate app becomes an attacker’s backdoor. In practice, teams lose the ability to separate approved business use from persistent abuse.
Q: Who is accountable when a trusted system is abused for mass impact?
A: Accountability sits with the owners of the privileged platform, the identity controls around it, and the resilience team responsible for containment. Frameworks such as NIST CSF and NIST SP 800-53 expect organisations to manage access, audit high-risk actions, and limit operational impact. If a control plane can wipe or expose assets at scale, that is a governance failure, not just an incident.
Technical breakdown
OAuth grants as delegated identity, not just app permissions
OAuth is often treated as a convenience layer for SaaS integration, but operationally it is delegated identity. When a user authorises a third-party application, the app receives scoped tokens that can act on the user’s behalf without re-prompting for credentials. Those grants may cover mailbox access, files, directory data, or environment-linked resources depending on the consent model. The important shift is that authentication no longer bounds the attack surface. The effective control point becomes the app grant, the token lifetime, and the scope of what the app can do once it is trusted.
Practical implication: Treat OAuth authorisation as an identity event that requires review, approval policy, and revocation capability.
Why account takeover persists after password resets and MFA
Password resets and MFA changes only address interactive authentication. They do not automatically invalidate every delegated token, refresh token, or application session already authorised in the environment. That is why account takeover can continue through the application layer even after the user account itself is secured. In this pattern, the attacker does not need to keep defeating login controls. They simply keep using the trusted application path that was already granted access. This is one reason modern ATO detection has to look for authorisation abuse, not only credential compromise.
Practical implication: Pair user recovery actions with token and app-grant invalidation so authentication fixes do not leave persistence behind.
Third-party OAuth apps as a persistence mechanism in cloud environments
OAuth apps can create durable access because their permissions often outlast the event that introduced them. If the app is authorised broadly, and if the provider or endpoint is later compromised, the attacker may inherit a legitimate access path that does not look suspicious at login. This is especially risky in collaboration and productivity ecosystems where applications can access messages, files, and metadata programmatically. The mechanism is not exploitation of a software flaw in the usual sense. It is abuse of an authorised trust relationship, which makes visibility into app prevalence, permission scope, and drift essential.
Practical implication: Inventory authorised apps, classify high-risk scopes, and revoke any connection that cannot be justified by business need.
Threat narrative
Attacker objective: The attacker’s objective is to retain trusted access long enough to quietly read sensitive data and maintain a backdoor through authorised applications.
- Entry occurs when a user authorises a third-party OAuth application inside the corporate environment, creating a trusted delegated access path.
- Escalation follows when the app or its upstream provider is compromised, allowing attackers to reuse valid tokens or delegated permissions without re-entering credentials.
- Impact occurs when attackers operate as a legitimate app or user and read internal resources, environment variables, or credentials while persistence survives password resets.
Breaches seen in the wild
- Vercel Context.ai OAuth Supply Chain Breach — Shadow AI app Context.ai OAuth integration exposes Vercel customer data via unmanaged third-party token.
- Salesloft OAuth token breach — hackers stole OAuth tokens to access Salesforce data via Salesloft.
Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.
NHI Mgmt Group analysis
OAuth persistence is a governance failure, not just an authentication failure. Once a third-party app receives delegated access, the organisation has created a durable identity path that sits outside normal login controls. Password resets, MFA enforcement, and session hardening do not remove that path unless token and app-grant governance exists. The implication is that access reviews must extend to trusted applications, not stop at user accounts.
Third-party OAuth app governance is now core identity work. The article shows that app authorisation can expand the attack surface faster than most teams can review it, especially when new AI productivity tools enter the environment without formal assessment. OWASP Non-Human Identity Top 10 guidance applies here because the app behaves like a non-human identity with persistent authority. Practitioners need to classify app risk by permission scope, not by whether the app was approved once.
Persistent access paths create identity blast radius that outlives the initial compromise. The central problem is not whether login was bypassed, but whether the attacker can keep acting through a trusted integration after the compromise event ends. That is a lifecycle problem across IAM, IGA, and NHI governance. The practitioner conclusion is that revocation must target the grant itself, not only the human account attached to it.
Visibility into delegated access is the missing control plane for modern ATO. The article’s core lesson is that the security boundary has moved to application trust, token lifetime, and scope drift. 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, which means most programmes cannot reliably answer who can act on whose behalf. Practitioners should treat app authorisations as inventory, risk, and response objects, not passive configuration.
App abuse links human identity, NHI, and supply chain governance in one failure mode. A human authorises the app, the app functions as a non-human identity, and the upstream provider or endpoint becomes the compromise source. That interaction means teams cannot silo responsibility across IAM, SaaS security, and NHI controls. The field needs a single governance model for delegated access that spans all three layers.
From our research:
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities.
- That confidence gap reinforces why teams should use Top 10 NHI Issues to prioritise delegated access governance alongside human IAM.
What this signals
Third-party OAuth grants are becoming a measurable blind spot in identity programmes. When delegated access persists beyond authentication, the real control problem is not login success but app lifecycle control. Teams should expect their IAM and SaaS governance roadmaps to converge on continuous app review, token revocation, and permission drift detection.
OAuth authorisation is now part of the non-human identity surface. A trusted app can function with durable authority that looks less like a user session and more like an NHI with delegated power. That makes app inventory, scope classification, and offboarding as relevant to identity teams as password policy once was.
With 85% of organisations lacking full visibility into third-party vendors connected via OAuth apps, per The State of Non-Human Identity Security, the governance gap is structural, not incidental. Most environments cannot confidently answer which integrations still have standing authority, which means review processes are already behind the threat surface.
For practitioners
- Inventory every authorised OAuth application Build a current list of apps with access to collaboration, cloud, and directory data. Include granted scopes, last-used dates, and the user or team that authorised each one. Prioritise apps with mailbox, file, or directory permissions first.
- Revoke persistence after recovery events When you reset passwords or enforce MFA, also revoke tokens, refresh tokens, and risky third-party app grants. Recovery that stops at the account leaves application-level persistence intact.
- Classify AI and productivity apps by delegated authority Treat emerging AI tools as NHI-adjacent integrations that can act on behalf of users. Require approval, scope review, and owner accountability before they are allowed to access corporate resources.
- Detect authorisation drift and unusual app behaviour Alert when new OAuth apps are authorised, when permissions expand, or when an app begins reading resources at a rate inconsistent with its normal business purpose. Correlate those events with user compromise signals and token abuse indicators.
- Remove unnecessary grants before they become backdoors Set a periodic review for low-use, unowned, or duplicate app authorisations. If a grant cannot be tied to a live business process, remove it and document the exception only when there is a clear operational need.
Key takeaways
- OAuth-based account takeover is really delegated access abuse, because authorised apps can keep acting after the original login is repaired.
- The scale of the problem is governance blind spot, not just technical misuse, because most organisations do not have full visibility into third-party app connections.
- The control that changes outcomes is lifecycle governance over app grants, tokens, and scopes, not password resets alone.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 and MITRE ATT&CK address the attack and risk surface, while NIST CSF 2.0, NIST SP 800-53 Rev 5 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-03 | The article centers on third-party app governance and token persistence. |
| NIST CSF 2.0 | PR.AC-4 | Delegated app access is an access-control and least-privilege issue. |
| MITRE ATT&CK | TA0006 , Credential Access; TA0010 , Exfiltration | The attack uses valid tokens to access and read internal resources. |
| NIST SP 800-53 Rev 5 | IA-5 | Tokens and app grants are authenticators that need lifecycle control. |
| NIST Zero Trust (SP 800-207) | Continuous verification is required when trusted app access persists. |
Map token abuse to credential access and exfiltration tactics for detection coverage.
Key terms
- OAuth Grant: An OAuth grant is the delegated permission an application receives to act on a user's behalf without storing the user's password. In NHI governance, it should be treated as a standing identity relationship with scope, ownership, and revocation requirements, not as a one-time setup detail.
- Delegated Access: Delegated access is permission granted to one identity to act on behalf of another user, service, or system. In NHI environments, this usually appears in OAuth-connected apps and automation tooling. It is powerful, but it must be tightly scoped and reviewed because it can persist long after the original business need ends.
- Token Persistence: Token persistence is the retention of access or refresh tokens beyond the immediate task that justified them. In browser-based integrations, it increases the chance of unauthorized reuse, complicates revocation, and creates a governance problem because the credential outlives the user’s intent.
- Permission Drift: Permission drift is the gradual expansion of access beyond what was originally intended. It happens when roles, tokens, and service accounts accumulate unused rights over time, making cloud identities harder to review and more dangerous to compromise.
What's in the full article
Proofpoint's full analysis covers the operational detail this post intentionally leaves for the source:
- The exact detection and response logic for risky OAuth authorisations and token abuse.
- Operational guidance on auditing authorised applications and identifying unnecessary scopes.
- The specific remediation steps for rotating secrets and removing persistent access paths.
- The collaboration security workflow Proofpoint describes for revoking malicious app access.
👉 The full Proofpoint post covers OAuth abuse detection, app governance, and token revocation detail.
Deepen your knowledge
NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are building or maturing an IAM, IGA, or NHI programme, it is worth exploring.
Published by the NHIMG editorial team on July 14, 2026.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org