According to a recent LinkedIn post from Token Security, the company is drawing attention to recent security incidents at Vercel and McKinsey that it suggests have been inaccurately framed as “AI hacks.” The post instead emphasizes that these events appear to involve compromised non‑human identities, specifically OAuth tokens with broad access to enterprise platforms.
Claim 55% Off TipRanks
- Unlock hedge fund-level data and powerful investing tools for smarter, sharper decisions
- Discover top-performing stock ideas and upgrade to a portfolio of market leaders with Smart Investor Picks
The LinkedIn post describes researcher findings that in the Vercel case an employee installed an AI agent tool with extensive Google Workspace OAuth scopes, whose backend was then breached, enabling an attacker to use stolen credentials to access internal systems. This perspective positions identity and access management for non-human accounts as a critical risk area, which could increase demand for specialized security solutions like those Token Security focuses on.
For investors, the post suggests that misclassification of such incidents as generic AI risks may lead security budgets to be allocated inefficiently, leaving gaps around machine and service identities. By publicly highlighting this nuance and directing readers to its research, Token Security appears to be positioning itself as a thought leader in identity-centric security, which could support long-term customer acquisition and pricing power if the market continues to prioritize this threat vector.