Inside The Vercel Supply Chain Exploit

Inside the Vercel Breach: Highlighting OAuth Token Risk 

In a special edition of Cybersecurity Today, host Jim Love and guest Jamie Blasco (CTO, Nudge Security) discuss Vercel, a major developer hosting platform, and a breach tied to OAuth grants and shadow AI. Reporting shared by Contrast Security's David Lindner describes how a Context AI employee downloaded Roblox AutoFarm scripts, got infected with an info stealer, and attackers harvested credentials, compromised Context AI, then used an over-permissioned OAuth token from a Vercel employee who had signed up to Context AI with an enterprise account and clicked "allow all," with Vercel working with Mandiant on a breach allegedly being sold for $2 million. The episode emphasizes that MFA may not mitigate OAuth abuse, urges admin-managed consent, continuous inventory and auditing of OAuth grants, and better visibility into risky third-party app access across Google Workspace and Microsoft 365.

Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst

00:00 Special Edition Intro
00:14 Sponsor Message Meter
00:33 Supply Chain Hack Setup
01:16 Breach Seen In Wild
02:36 Meet Jamie Blasko
02:56 Who Is Vercel
04:34 How The Breach Happened
05:58 Context AI And Shadow IT
07:58 OAuth Controls And Audits
09:11 Impact And Open Questions
11:24 Why MFA Falls Short
12:22 Where To Get Help
14:07 Host Takeaways OAuth Risk
14:53 What To Do Next
16:06 Wrap Up And Feedback
16:42 Sponsor Close Meter
17:24 Final Sign Off