Vercel, Context.ai, and the OAuth hoarding problem
Blog post from Arcade
In March 2026, a breach occurred in Context.ai's AWS environment, leading to the theft of OAuth tokens from the deprecated "AI Office Suite," including a token belonging to a Vercel employee. This token allowed attackers to access Vercel's Google Workspace and exfiltrate non-sensitive customer environment variables, which were later advertised for sale. The incident highlighted the vulnerability inherent in the server-side storage of long-lived, broadly-scoped OAuth tokens by third-party applications, a pattern that has persisted for decades. Despite being associated with AI, the breach did not involve an exploitation of AI models but was a classic SaaS supply-chain credential compromise. Arcade, a company focused on agentic security, analyzed the incident and emphasized the importance of fine-grained OAuth token management, restricting scope permissions, and ensuring proper security boundaries to prevent similar occurrences. The incident underscores the need for organizations to audit third-party OAuth applications, enforce minimum scope permissions, and treat platforms storing refresh tokens as sensitive credential repositories.
| Trend | Post Mentions | Total Month Mentions | Posts | Companies | MoM |
|---|---|---|---|---|---|
| MCP | 11 | 6,108 | 613 | 170 | +36% |
| Secrets Management | 6 | 1,821 | 338 | 111 | +22% |
| Platform Engineering | 5 | 1,080 | 232 | 64 | +125% |
| AI Agents | 4 | 4,430 | 1,100 | 236 | -3% |
| LLM | 3 | 5,932 | 1,046 | 223 | -2% |
| OpenClaw | 1 | 624 | 65 | 39 | -4% |
Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.