Shadow AI and OAuth tokens: what IAM teams are missing


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 4368
Topic starter  

TL;DR: Vercel’s breach reportedly began with an employee approving broad OAuth access for an unapproved AI tool, then escalated through a stolen token into Google Workspace and internal systems before stolen data surfaced on BreachForums, according to Josys. The incident shows that visibility into SaaS integrations and permission chains now matters as much as endpoint security.

NHIMG editorial — based on content published by Josys covering the Vercel breach: 5 Things the Vercel Breach Reveals About Shadow AI and Your Organization

By the numbers:

Questions worth separating out

Q: How should security teams govern employee-approved AI tools that request OAuth access?

A: Treat every consented AI app as a governed identity relationship, not an informal productivity choice.

Q: Why do OAuth tokens create more risk than passwords in shadow AI incidents?

A: OAuth tokens can keep working after the original user login is gone, which makes them durable bearer credentials.

Q: What breaks when organisations cannot see employee AI tool integrations?

A: Access governance breaks because IT cannot tell which external services have inherited enterprise identity or what data they can reach.

Practitioner guidance

  • Inventory all third-party AI consents: Identify every AI tool that has been granted access through work accounts, then map the scopes, owner, and business purpose for each consented app.
  • Block broad OAuth grants by default: Require risk review for high-privilege consent screens and limit approval of permissions that expose mail, drive, directory, or admin-related data.
  • Treat OAuth tokens as revocable non-human credentials: Add token revocation to offboarding, incident response, and vendor exit workflows so a stolen bearer token can be invalidated quickly across connected services.
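The first two guidance points above, as an added example that is not code from the original post or from Josys: a triage pass over an inventory of consented apps that flags grants touching mail, drive, directory or admin scopes and grants with no recorded owner or purpose. The consent records, app names and owners are constructed; the scope URIs are real Google Workspace scope strings, and the "narrow" exemption for per-file Drive access is an assumption about what counts as broad.

```python
"""Triage third-party OAuth consents: broad scopes first, then unowned grants."""
from dataclasses import dataclass, field
from typing import List, Optional

# Scope families the guidance singles out for review. Prefixes are real
# Google Workspace scope URIs; the grouping into families is this example's.
HIGH_RISK_FAMILIES = {
    "mail": ("https://mail.google.com/", "https://www.googleapis.com/auth/gmail."),
    "drive": ("https://www.googleapis.com/auth/drive",),
    "directory": ("https://www.googleapis.com/auth/admin.directory.",),
    "admin": ("https://www.googleapis.com/auth/admin.reports.",
              "https://www.googleapis.com/auth/admin.datatransfer"),
}
# Assumption: per-file Drive access is narrow enough not to count as broad.
NARROW_SCOPES = {"https://www.googleapis.com/auth/drive.file"}

@dataclass
class Consent:
    app: str
    owner: Optional[str]
    purpose: Optional[str]
    scopes: List[str] = field(default_factory=list)

def risky_families(scopes):
    """Return the set of high-risk families touched by the granted scopes."""
    hits = set()
    for scope in scopes:
        if scope in NARROW_SCOPES:
            continue
        for family, prefixes in HIGH_RISK_FAMILIES.items():
            if any(scope.startswith(p) for p in prefixes):
                hits.add(family)
    return hits

def triage(consents):
    """Rank consents for review: (app, families, missing fields, action)."""
    rows = []
    for c in consents:
        fams = risky_families(c.scopes)
        gaps = [k for k, v in (("owner", c.owner), ("purpose", c.purpose)) if not v]
        action = "revoke-or-review" if fams else ("assign-owner" if gaps else "ok")
        rows.append((c.app, sorted(fams), gaps, action))
    rows.sort(key=lambda r: (-len(r[1]), -len(r[2]), r[0]))
    return rows

# Constructed sample inventory (apps, owners and purposes are invented).
SAMPLE = [
    Consent("MeetingNotesAI", None, None,
            ["https://mail.google.com/", "https://www.googleapis.com/auth/drive"]),
    Consent("SlideHelper", "design@example.com", "deck drafts",
            ["https://www.googleapis.com/auth/drive.file"]),
    Consent("DirSyncBot", "it@example.com", None,
            ["https://www.googleapis.com/auth/admin.directory.user.readonly"]),
]
```

Running `triage(SAMPLE)` puts the unowned app holding full mail and Drive access at the top of the review queue; feeding the same function an export of real consent data is the inventory step the guidance asks for.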

What's in the full article

Josys's full blog post covers the operational detail this post intentionally leaves for the source:

  • The full attack chronology from employee consent to token theft, Google Workspace access, and internal system exposure
  • The vendor's breakdown of how shadow AI visibility gaps appear in SaaS management and browser-based discovery
  • The article's discussion of how Josys ties asset visibility to SaaS utilisation analysis and permission discovery
  • The practical examples of how IT teams can spot unsanctioned apps before a breach reveals them

👉 Read Josys’s analysis of the Vercel breach, shadow AI, and OAuth exposure →
