Claude Code MCP Token Theft Shows Why OAuth Tokens Need Runtime Tool-Call Authorization
Blog post from Permit.io
The post examines the risks of long-lived OAuth tokens in AI coding agents, using the Claude Code MCP token theft incident as its example. It explains how attackers can exploit endpoint routing vulnerabilities to hijack OAuth bearer tokens, which can then be misused to access SaaS APIs under the guise of legitimate activity. Rotating OAuth tokens alone is insufficient if endpoint configurations remain compromised, because new tokens can be intercepted as well. The post instead advocates runtime tool-call authorization: evaluating each tool invocation against a set of dynamic security policies to confirm that it is legitimate, which reduces the risk and impact of token theft. It also emphasizes monitoring local configuration files and maintaining endpoint integrity to prevent unauthorized access and keep agent operations secure.
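A sketch of the runtime tool-call check described above, added here as an example and not taken from the Permit.io post or from Claude Code. Each invocation is evaluated against a policy that pins the origin a tool's bearer token may be sent to, so a rerouted endpoint is denied whether the token is old or freshly rotated. The policy layout, tool names, actions and URLs are constructed assumptions.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed policy: the origin each tool may send its token to, and the
# actions it may perform. All names and hosts are illustrative assumptions.
POLICY = {
    "issue-tracker": {"origin": ("https", "mcp.tracker.example", 443),
                      "actions": {"issues.read", "issues.comment"}},
    "docs-search": {"origin": ("https", "mcp.docs.example", 443),
                    "actions": {"search"}},
}

@dataclass(frozen=True)
class ToolCall:
    tool: str      # tool/server name from the local agent configuration
    endpoint: str  # URL the bearer token is about to be sent to
    action: str    # operation requested for this invocation

def origin_of(url):
    """Normalize a URL to (scheme, host, port); None if it cannot be trusted."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.username or parts.password or not parts.hostname:
        return None  # userinfo can disguise the real host
    default = {"https": 443, "http": 80}.get(parts.scheme)
    return (parts.scheme, parts.hostname.rstrip("."), port or default)

def authorize(call):
    """Evaluate one tool invocation; deny by default. Returns (allowed, reason)."""
    rule = POLICY.get(call.tool)
    if rule is None:
        return False, "unknown tool"
    # Endpoint integrity: the check is on where the token goes, not on the
    # token itself, so rotation cannot bypass or replace it.
    if origin_of(call.endpoint) != rule["origin"]:
        return False, "endpoint does not match pinned origin"
    if call.action not in rule["actions"]:
        return False, "action not permitted for tool"
    return True, "ok"
```
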