Vercel, Context.ai, and the OAuth hoarding problem
Blog post from Arcade
In March 2026, attackers breached Context.ai's AWS environment and stole the OAuth tokens that its deprecated "AI Office Suite" still held server-side, among them a token belonging to a Vercel employee. With that token they reached Vercel's Google Workspace and exfiltrated non-sensitive customer environment variables, which were later advertised for sale. The weakness the incident exposed is not new: third-party applications have stored long-lived, broadly scoped OAuth tokens on their own servers for decades, and every such store is a credential cache that inherits the blast radius of every tenant it serves. Despite the AI branding, the breach involved no exploitation of AI models; it was a classic SaaS supply-chain credential compromise.

Arcade, a company focused on agentic security, analyzed the incident and emphasized fine-grained OAuth token management, restricting requested scopes to the minimum an integration needs, and enforcing proper security boundaries to prevent similar occurrences. The practical lessons for organizations are to audit the third-party OAuth applications their users have authorized, enforce minimum scope permissions, and treat any platform that stores refresh tokens as a sensitive credential repository.
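One way to act on that audit recommendation, as an added example that is not from the Arcade post, Vercel or Context.ai: a Python check over a constructed grant inventory that flags broad Google Workspace scopes and refresh tokens idle past a policy threshold. The `Grant` fields, the 90-day threshold, the sample apps and the audit date are assumptions.

```python
# Added example (not from the Arcade post): flag third-party OAuth grants that show the
# hoarding pattern: broad scopes plus a refresh token nobody has used for months.
from dataclasses import dataclass
from datetime import date

# Real Google Workspace scope URIs; the narrower alternative is this example's policy.
BROAD_SCOPES = {
    "https://mail.google.com/": "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/drive": "https://www.googleapis.com/auth/drive.file",
    "https://www.googleapis.com/auth/calendar": "https://www.googleapis.com/auth/calendar.readonly",
}
STALE_AFTER_DAYS = 90  # a refresh token unused this long is treated as hoarded (assumed policy)

@dataclass
class Grant:  # field names are assumptions, not a real admin-console export format
    app: str
    user: str
    scopes: list
    has_refresh_token: bool
    last_used: date

def audit_grants(grants, today):
    """Return (app, user, reasons) for every grant that violates the policy."""
    findings = []
    for g in grants:
        reasons = [f"broad scope {s}; prefer {BROAD_SCOPES[s]}"
                   for s in g.scopes if s in BROAD_SCOPES]
        idle = (today - g.last_used).days
        if g.has_refresh_token and idle > STALE_AFTER_DAYS:
            reasons.append(f"refresh token unused for {idle} days; revoke it")
        if reasons:
            findings.append((g.app, g.user, reasons))
    return findings

# Constructed inventory: one stale, over-scoped grant and one well-behaved grant.
SAMPLE_GRANTS = [
    Grant("Legacy AI Office Suite", "alice@example.com",
          ["https://mail.google.com/", "https://www.googleapis.com/auth/drive"],
          True, date(2025, 10, 1)),
    Grant("Calendar helper", "bob@example.com",
          ["openid", "https://www.googleapis.com/auth/calendar.readonly"],
          True, date(2026, 3, 20)),
]

def run_sample():  # audit the sample as of a fixed (assumed) date so the result is reproducible
    return audit_grants(SAMPLE_GRANTS, date(2026, 3, 31))

if __name__ == "__main__":
    for app, user, reasons in run_sample():
        print(f"{app} ({user})", *reasons, sep="\n  ")
```

On the sample data only the legacy suite is reported, with two scope findings and one idle-token finding; the same function can be pointed at a real grant export once its columns are mapped onto `Grant`.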