TL;DR: The Vercel breach began with a third-party OAuth consent grant that stayed valid long enough for attackers to reuse it after the third-party provider was compromised, allowing pivot into internal systems and customer API keys, according to Apono. The incident shows that standing privileges, not just exposed tools, determine blast radius in modern IAM and NHI governance.
At a glance
What this is: This is an analysis of the Vercel breach that traces the compromise back to a standing OAuth grant and argues for Zero Standing Privileges as the governing model.
Why it matters: It matters because OAuth grants, SaaS-to-SaaS trust, and AI-adjacent integrations are now part of the NHI attack surface and need the same controls as privileged human access.
👉 Read Apono's analysis of the Vercel breach and Zero Standing Privileges
Context
A standing OAuth grant can behave like a long-lived privileged credential, especially when it inherits broad workspace permissions and survives beyond the moment it was approved. In NHI governance terms, that turns a convenience control into a durable access path that attackers can reuse after a third-party compromise.
The Vercel incident is useful because it shows how identity risk now travels through human accounts, third-party apps, and internal systems in one chain. That pattern is common in modern SaaS environments, where access reviews often stop at login controls and miss the authorization grants that matter most.
Key questions
Q: How should security teams govern third-party OAuth grants in enterprise environments?
A: Security teams should treat third-party OAuth grants as privileged access, not as ordinary app settings. Each grant should have a business owner, a scope review, an expiry or revalidation date, and a revocation path. If a grant can reach sensitive data or internal systems, it belongs in the same governance workflow as elevated credentials and NHI inventory.
Q: When does standing access create more risk than it reduces?
A: Standing access creates more risk whenever the privilege outlives the task, the user, or the vendor relationship that justified it. That is especially true for OAuth tokens, service accounts, and automation identities because they are reusable, hard to notice, and often broadly scoped. If access can be granted just in time, standing access is usually unnecessary risk.
Q: What is the difference between OAuth consent and access approval?
A: OAuth consent is a user authorization for an application to act on their behalf, while access approval is a governance decision that limits scope, duration, and purpose. Consent alone can be too broad for sensitive environments. Approval adds policy, making the grant reviewable, revocable, and easier to align with least privilege.
Q: How can organisations reduce the blast radius of compromised AI or SaaS integrations?
A: Organisations should reduce blast radius by limiting scopes, shortening token lifetimes, segmenting high-risk systems, and requiring reapproval for sensitive actions. They should also inventory every integration that can reach identity platforms, cloud control planes, or production data. The goal is to ensure a stolen grant cannot move far or persist long.
Technical breakdown
How standing OAuth grants become privileged access
OAuth is designed to let a user authorize an application to act on their behalf without sharing a password. The risk appears when the grant is broad, long-lived, and poorly reviewed, because the token then behaves like a persistent credential. In this case, the third-party app inherited Workspace-level trust, and the stolen grant remained useful until it was revoked or expired. That is a classic NHI problem: an access artifact attached to an identity outlives the business need that created it. The control failure is not authentication alone, but authorization drift across time.
Practical implication: Treat OAuth grants as privileged entitlements and review them on a timed schedule, not only during user onboarding or offboarding.
Why zero standing privileges changes the blast radius
Zero Standing Privileges means no identity keeps permanent access to privileged resources. Instead, access is requested just in time, approved at the needed scope, and removed after the task or time window closes. Applied to SaaS and cloud access, this prevents a stolen token from carrying broad, reusable authority. It also forces the organization to separate routine collaboration from exceptional access, which is where many breach paths begin. The architectural value is not fewer identities, but less durable trust attached to each identity.
Practical implication: Use time-bound elevation for sensitive workspace actions, production access, and cross-application permissions so a single stolen grant cannot persist.
Why AI tools and copilots expand NHI exposure
AI tools, copilots, and automation platforms increasingly consume OAuth tokens and workspace permissions on behalf of people. That means every delegated connection becomes a non-human identity with execution authority. The more these integrations are allowed to operate with broad scopes, the harder it becomes for security teams to know which access is active, who approved it, and what it can reach. The attack surface is therefore not only the model or app itself, but the delegated identity layer underneath it. That is where governance must move next.
Practical implication: Inventory delegated AI and SaaS connections separately from human accounts and require explicit ownership for each grant.
Threat narrative
Attacker objective: Obtain valid workspace access and use that foothold to reach internal systems and sensitive credentials.
- Entry via a third-party OAuth consent grant that was approved with broad Workspace access.
- Escalation after the third-party provider was compromised and its stored OAuth grants were stolen.
- Impact through reuse of the victim's grant to access Workspace and pivot into internal systems and customer API keys.
Breaches seen in the wild
- Shai Hulud npm malware campaign — Shai Hulud campaign: npm malware exposed secrets on GitHub.
- Reviewdog GitHub Action supply chain attack — reviewdog/action-setup GitHub Action supply chain attack exposed secrets.
Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.
NHI Mgmt Group analysis
Standing OAuth trust is now a privileged access problem, not a usability detail. When a consented integration can act broadly for months, the security model has already moved beyond simple app authorization. The breach shows that identity governance must include delegated SaaS access, not just employee login. Practitioners should treat every persistent grant as a reviewable privilege.
Zero Standing Privileges is the right response because it removes durable trust from the attack path. If no identity retains permanent access, stolen grants lose much of their value after the approved window closes. That makes ZSP more than a PAM pattern, since it also applies to workspace authorizations and cross-application delegation. Security teams should align access policy with the shortest workable time horizon.
Ephemeral credential trust debt is the new exposure category organizations are accumulating. Each long-lived token, consent grant, or delegated connection adds future risk that is invisible at the moment of approval. The debt grows when teams focus on login security but ignore authorization lifetime. Practitioners should measure how much access survives after business need ends and reduce that balance aggressively.
AI agents and SaaS automations increase the number of identities that can inherit human authority. The problem is not that these systems exist, but that they often inherit scopes designed for manual use. That mismatch makes old access assumptions brittle. Governance programs should define separate policy for delegated automation rather than extending human access patterns unchanged.
Security teams should expect more incidents to start with consent, not compromise of a password. As organizations adopt more third-party apps and agentic workflows, the first point of failure will increasingly be overbroad authorization. That shifts the control priority toward scope limitation, grant review, and automatic expiry. The practitioner conclusion is simple: consent needs lifecycle management.
From our research:
- 64% of valid secrets leaked in 2022 are still valid and exploitable today, proving that detection alone is not enough without automated revocation, according to The State of Secrets Sprawl 2026.
- 28.65 million new hardcoded secrets were detected in public GitHub commits in 2025 alone, a 34% year-over-year increase and the largest single-year jump ever recorded.
- 52 NHI Breaches Analysis helps teams map real breach patterns to identity controls and revocation gaps.
What this signals
Ephemeral credential trust debt: every long-lived token, delegated workspace grant, and reusable API key adds future exposure that most access reviews never see. With 64% of valid secrets leaked in 2022 still exploitable today, per The State of Secrets Sprawl 2026, the programme risk is not just compromise but delay in revocation and owner assignment.
Teams should expect consent-grant hygiene to become a board-level governance issue as AI tools and SaaS automations multiply. The practical response is to merge identity inventory, privilege review, and approval expiry into a single operating model, then align it with OWASP Non-Human Identity Top 10 and NIST SP 800-63 Digital Identity Guidelines.
The next control gap will be between what users are allowed to authorize and what the enterprise can safely tolerate. Security leaders should prepare for more incidents where the initial foothold is a legitimate consent event, not a password theft, and build workflow controls that can revoke and re-scope delegated access fast.
For practitioners
- Implement time-bound OAuth grant reviews Build a scheduled review process for third-party grants in Google Workspace and Microsoft 365. Focus on scopes, last-used timestamps, and business ownership, then revoke anything idle or broader than required.
- Map delegated apps to privileged access policy Classify SaaS integrations, copilots, and automation tools as privileged identities when they can act on behalf of users or reach internal systems. Apply approval, expiry, and logging controls similar to PAM.
- Require just-in-time elevation for sensitive workspace actions Separate routine collaboration from actions that expose production systems, environment variables, or customer data. Use just-in-time approval with short expiry so a compromised token cannot persist.
- Track consented third-party apps as NHI inventory Maintain an inventory of every app with workspace access, the owner who approved it, and the scope granted. Reconcile that inventory against access review records and remove orphaned grants.
Key takeaways
- The breach shows that a single standing OAuth grant can become the access path that determines overall blast radius.
- The real exposure is not third-party software by itself, but the lifetime and scope of the trust it inherits.
- Security teams should move delegated access into the same lifecycle discipline they apply to privileged human credentials.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-03 | Long-lived OAuth grants map directly to credential lifecycle and revocation risk. |
| NIST CSF 2.0 | PR.AC-4 | Least-privilege access and managed entitlements are central to this breach pattern. |
| NIST Zero Trust (SP 800-207) | Continuous verification is needed when third-party tokens can act inside the environment. |
Align delegated access approvals to PR.AC-4 and enforce least privilege for every sensitive integration.
Key terms
- Standing OAuth Grant: A standing OAuth grant is a persistent authorization that lets an application act on a user's behalf without repeated approval. In security terms, it behaves like a reusable credential, so its scope, duration, and ownership need lifecycle controls just like any other privileged access artifact.
- Zero Standing Privileges: Zero Standing Privileges is an access model where no identity keeps permanent privileged access. Permissions are granted just in time, limited to the task, and removed automatically after use. This reduces the value of stolen credentials and narrows the blast radius of compromised users, services, or integrations.
- Delegated Access: Delegated access is permission that one identity gives another identity to perform actions on its behalf. It is common in SaaS apps, AI tools, and automation workflows. Because it often persists beyond the original task, delegated access must be inventoried, reviewed, and revoked like other non-human identities.
- Ephemeral Credential Trust Debt: Ephemeral credential trust debt is the accumulated risk created by short-lived but repeatedly renewed access grants that never get properly retired. Each token, consent grant, or temporary privilege may look harmless alone, but together they create a hidden backlog of future exposure and governance work.
Deepen your knowledge
OAuth grant governance and Zero Standing Privileges are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If your team is trying to bring delegated access under control, this is a practical place to start.
This post draws on content published by Apono: One Checkbox Away: The Vercel Breach and the Case for Zero Standing Privileges. Read the original.
Published by the NHIMG editorial team on 2026-04-21.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org
