Vercel Breach Analysis: How an OAuth Token Became an Identity Attack Path
ID: a9f1a232-56c7-5ea4-bf2d-33066f5cc7a1
STIX ID: report--a9f1a232-56c7-5ea4-bf2d-33066f5cc7a1
Feed Name: SpecterOps Blog
The report analyzes the Vercel breach, in which attackers compromised a third-party AI tool (Context.ai), exfiltrated OAuth tokens (reportedly via Lumma Stealer), used a Vercel employee's token to access Google Workspace, and moved laterally to expose environment variables and credentials. It frames the incident as a structural identity and supply-chain attack and urges organizations to map and eliminate identity attack paths rather than relying on IAM hygiene alone.
