OAuth trust gaps in Google Workspace: what IAM teams missed

TL;DR: A Context.ai compromise led to Vercel exposure after infostealer malware, stolen OAuth tokens, and permissive Google Workspace consent settings enabled lateral movement into internal systems, with the attacker reportedly seeking $2 million for the stolen data, according to Clutch Security. The breach shows that unmanaged OAuth trust relationships now function like standing NHI access, and review cycles cannot catch what consent already granted.

NHIMG editorial — based on content published by Clutch Security covering the Vercel breach: Six Hard Truths About the Vercel Breach (And What to Do About Them)

By the numbers:

• The stolen data reportedly includes API keys, NPM tokens, GitHub tokens, source code, and 580 employee records.

Questions worth separating out

Q: What breaks when OAuth consent is not centrally governed?

A: When consent is not centrally governed, employees can grant third-party apps persistent access to enterprise data without security review.

Q: Why do OAuth tokens increase lateral movement risk in SaaS environments?

A: OAuth tokens increase lateral movement risk because they can remain valid after the initial user session, bypass MFA, and preserve scoped access until revoked.

Q: How do security teams know if third-party app access is out of control?

A: Security teams know the problem is out of control when they cannot answer how many external apps have tenant access, what scopes they hold, and who approved them.

Practitioner guidance

• Restrict OAuth app consent by default Allow only admin-approved applications to receive enterprise scopes in Google Workspace and Microsoft 365, then document exceptions with business justification and expiry.
• Inventory every third-party app with delegated access Build a live register of OAuth grants, scopes, and owners that includes apps employees authorised directly, not just procured vendors.
• Classify OAuth tokens as high-value credentials Apply the same handling discipline used for API keys and service account secrets, including revocation workflows, scope minimisation, and alerting on unusual token use.

What's in the full article

Clutch Security's full blog post covers the operational detail this analysis intentionally leaves for the source:

• A blow-by-blow reconstruction of the Context.ai to Vercel compromise path, including the consent and token pivot points.
• The exact Google Workspace settings that allowed broad third-party access to proceed and how they changed the blast radius.
• Specific indicators of compromise, including the published OAuth app identifier and what to search for in tenant logs.
• The article's week-ahead action list for CISOs who need to tighten SaaS consent and delegated-access governance.

👉 Read Clutch Security's analysis of the Vercel breach and OAuth trust gaps →

OAuth trust gaps in Google Workspace: what IAM teams missed?

Explore further

View Full Forum →  |  NHI Foundation Course →