@k1rallik The $2M ransom isn't the story. The entry is: one Vercel employee signed up for an AI productivity tool with work email and clicked "Allow All" OAuth. Three months later, attackers used that token as a master key. No CVE. No phishing. Shadow AI.
@weezerOSINT Source code leak gets the headlines. AI chat history leak is worse. Every schema, credential name, and deployment plan devs discussed with Lovable's AI is readable. That's not a code leak, that's a thinking-out-loud leak for every team that used it.
Great breakdown. The detail worth emphasizing: Vercel wasn't a https://t.co/i7qyL2O4PF enterprise customer. One employee individually signed up using their work email and clicked "Allow All." That's shadow AI, not TPRM, and vendor risk programs can't audit what they don't know exists.
This is the AI supply chain pattern every dev should understand:
Broad OAuth granted → AI tool accumulates credentials → AI tool gets compromised → every credential becomes downstream blast radius.
Been building RootShield around exactly this pattern. Patent-pending. https://t.co/1Imgn7ok4b
The Vercel hack isn't an OAuth story. It's a shadow-AI story.
One employee signed up for an AI productivity tool with their work email. Clicked "Allow All" on the OAuth prompt.
That single click became the master key into Vercel's Google Workspace, three months later, when the AI tool was compromised.
The chain:
Feb 2026 → https://t.co/i7qyL2O4PF employee infected with Lumma Stealer (via downloaded Roblox cheats, of all things). Credentials harvested.
Apr 2026 → Attacker uses the stolen OAuth token. Pivots into Vercel's plaintext env vars: API keys, DB creds, signing keys.
Hundreds of orgs downstream.
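The pattern described in the thread above (a broad OAuth grant to an uninventoried AI tool, then a token that sits unused for months until the tool is breached) is something a Workspace admin can hunt for on their own side of the fence. The following is an added example, not code from any of the posters or from Vercel, Lovable or Google: it scores third-party OAuth grants for three signals, an app missing from the vendor-risk inventory, full-access scopes, and a token idle past a quarter. The grant record shape, the risk tiering of scopes, the approved-app list and the sample data are all constructed for this example; only the scope URL strings are real Google API scopes.

```python
"""Added example (not from the thread): audit third-party OAuth grants in a
Google Workspace tenant for the shadow-AI pattern described above.

The Grant record shape is a constructed simplification of what an admin can
export from the Admin console's connected-apps view; the sample data below
is constructed, not real tenant data.
"""
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Scopes that hand an app the user's whole mailbox, Drive, directory or cloud
# project. The scope strings are real Google API scopes; the tiering is this
# example's own assumption, not a Google classification.
HIGH_RISK_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/drive",
    "https://www.googleapis.com/auth/admin.directory.user",
    "https://www.googleapis.com/auth/cloud-platform",
}
MEDIUM_RISK_SCOPES = {
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/drive.readonly",
    "https://www.googleapis.com/auth/calendar",
}
# A token nobody has used for a quarter is exactly the dormant master key the
# thread describes (granted once, cashed in three months later).
STALE_AFTER = timedelta(days=90)


@dataclass(frozen=True)
class Grant:
    user: str
    app: str                    # display name of the third-party OAuth client
    scopes: frozenset[str]
    granted_at: datetime
    last_used: datetime | None  # None: never used since the grant


@dataclass(frozen=True)
class Finding:
    user: str
    app: str
    severity: str               # "high" | "medium" | "low"
    reasons: tuple[str, ...]


def assess_grant(g: Grant, approved_apps: set[str], now: datetime) -> Finding | None:
    """Return a Finding for one grant, or None if nothing is worth a look."""
    reasons: list[str] = []
    shadow = g.app not in approved_apps
    high = g.scopes & HIGH_RISK_SCOPES
    medium = g.scopes & MEDIUM_RISK_SCOPES
    if shadow:
        reasons.append("app not in vendor-risk inventory (individual sign-up)")
    if high:
        reasons.append(f"full-access scopes granted: {sorted(high)}")
    elif medium and shadow:
        reasons.append(f"limited scopes on an uninventoried app: {sorted(medium)}")
    idle_since = g.last_used or g.granted_at
    idle = now - idle_since
    if idle > STALE_AFTER:
        reasons.append(f"token idle for {idle.days} days")
    if not reasons:
        return None
    if high and shadow:
        severity = "high"      # the thread's exact combination
    elif high or (medium and shadow):
        severity = "medium"
    else:
        severity = "low"
    return Finding(g.user, g.app, severity, tuple(reasons))


def assess_grants(grants: list[Grant], approved_apps: set[str], now: datetime) -> list[Finding]:
    """Score every grant and return findings, highest severity first."""
    found = (assess_grant(g, approved_apps, now) for g in grants)
    order = {"high": 0, "medium": 1, "low": 2}
    return sorted((f for f in found if f), key=lambda f: (order[f.severity], f.user))


# --- constructed sample tenant data (not real users, apps or dates) ---
NOW = datetime(2026, 4, 15, tzinfo=timezone.utc)
APPROVED_APPS = {"Approved CRM"}
SAMPLE_GRANTS = [
    # an individual "Allow All" sign-up to an unvetted AI tool, never used since
    Grant("alice@example.com", "AI Notes Assistant (unverified)",
          frozenset({"https://mail.google.com/",
                     "https://www.googleapis.com/auth/drive",
                     "https://www.googleapis.com/auth/calendar"}),
          datetime(2026, 1, 5, tzinfo=timezone.utc), None),
    # a vetted vendor with a narrow scope, used yesterday: no finding
    Grant("bob@example.com", "Approved CRM",
          frozenset({"https://www.googleapis.com/auth/calendar"}),
          datetime(2026, 3, 1, tzinfo=timezone.utc),
          datetime(2026, 4, 14, tzinfo=timezone.utc)),
    # a vetted vendor whose read-only token has gone stale
    Grant("carol@example.com", "Approved CRM",
          frozenset({"https://www.googleapis.com/auth/drive.readonly"}),
          datetime(2025, 10, 1, tzinfo=timezone.utc),
          datetime(2025, 11, 20, tzinfo=timezone.utc)),
]

if __name__ == "__main__":
    for f in assess_grants(SAMPLE_GRANTS, APPROVED_APPS, NOW):
        print(f"[{f.severity.upper()}] {f.user} -> {f.app}")
        for r in f.reasons:
            print(f"    - {r}")
```

The ranking is deliberately simple: "full-access scopes on an app nobody vetted" is the only combination that reaches high, and an idle token alone is low, so the report surfaces the one grant that matches the thread's chain before the routine hygiene items. Feeding it a real export means mapping your admin console's columns onto Grant and replacing the inventory set with whatever your TPRM process actually tracks.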