Home / Companies / Arcade / Blog / Post Details
Content Deep Dive

Vercel, Context.ai, and the OAuth hoarding problem

Blog post from Arcade

Post Details
Company
Date Published
Author
Mateo Torres
Word Count
1,808
Company Posts That Month
15
Language
English
Hacker News Points
-
Post removed?
No
Summary

In March 2026, a breach occurred in Context.ai's AWS environment, leading to the theft of OAuth tokens from the deprecated "AI Office Suite," including a token belonging to a Vercel employee. This token allowed attackers to access Vercel's Google Workspace and exfiltrate non-sensitive customer environment variables, which were later advertised for sale. The incident highlighted the vulnerability inherent in the server-side storage of long-lived, broadly-scoped OAuth tokens by third-party applications, a pattern that has persisted for decades. Despite being associated with AI, the breach did not involve an exploitation of AI models but was a classic SaaS supply-chain credential compromise. Arcade, a company focused on agentic security, analyzed the incident and emphasized the importance of fine-grained OAuth token management, restricting scope permissions, and ensuring proper security boundaries to prevent similar occurrences. The incident underscores the need for organizations to audit third-party OAuth applications, enforce minimum scope permissions, and treat platforms storing refresh tokens as sensitive credential repositories.

Trends Found in this Post
Trend Post Mentions Total Month Mentions Posts Companies MoM
MCP 11 6,108 613 170 +36%
Secrets Management 6 1,821 338 111 +22%
Platform Engineering 5 1,080 232 64 +125%
AI Agents 4 4,430 1,100 236 -3%
LLM 3 5,932 1,046 223 -2%
OpenClaw 1 624 65 39 -4%
Use This Data

Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.