According to a recent LinkedIn post from Hush Security, a security incident involving an AI tool called Context.ai allegedly enabled an attacker to obtain a single OAuth token from a Vercel employee. The post suggests this access was then leveraged to gather multiple sensitive credentials, including GitHub tokens, NPM tokens, API keys, and internal deployment access, which are reportedly being offered for sale on BreachForums.
The company’s LinkedIn post highlights this incident as an example of the risks posed by static secrets and long-lived tokens in environments with growing AI tool usage. It argues that as organizations adopt AI agents more broadly, identity-based, just-in-time, tightly scoped, and auditable access controls may become increasingly important, implying potential demand for security solutions that address these emerging identity and access management challenges.

