
The Vercel Breach wasn't just "token theft" - it was an identity architecture problem. Here’s why.
Everyone is calling the Vercel breach a "third-party token theft" incident. While technically true, that misses the root cause: the unmanaged trust relationship. The attacker didn't breach Vercel directly. They breached an unapproved consumer AI tool (Context.ai) that an employee had granted broad Google Workspace OAuth permissions to. That single click created a trusted bridge straight into Vercel’s corporate environment.
The real issue - most security teams try to detect the blast radius after the token is stolen. By then, you're already losing... The actual control point is the moment of adoption.
To stop this, the workflow needs to change:
- Discover at the Browser: Traditional network logs and API scans miss consumer AI tools. Discovery has to happen at the browser level, during the actual login interaction.
- Inline Gating: You have to block or route the login for approval before the user clicks "Allow All" on the OAuth consent screen.
If the OAuth grant is never created, the vendor never holds a corporate token. If they don't hold the token, a downstream compromise of that vendor leaves attackers with a dead end.
We wrote a full architectural breakdown on how to flip this workflow from reactive detection to proactive lifecycle management using Unixi’s browser-level governance.
Read the full breakdown here: https://unixi.io/blog/shadow-ai-governance-part-2-vercel-breach
How is everyone else handling shadow AI OAuth grants right now? CASB, MDM blocks, or just praying users actually read the consent screens?