Critical Vulnerability in OpenAI Codex Allowed GitHub Token Compromise
Briefly

"OAuth tokens have a checkered relationship with AI. While necessary, they were the primary breach vector in the Salesloft incident during 2025 - leading to compromise in more than 700 organizations."
"The cascading potential of a single stolen token across multiple accounts was no doubt inviting. In this case, the potential was to use the OAuth token to target GitHub repositories that might be accessed by individuals from multiple organizations."
"BeyondTrust's Phantom Labs researchers succeeded - including the automation necessary to compromise the multiple users interacting with a single GitHub repository. It was not an overnight research project, and it was long and complex."
OAuth tokens are critical yet vulnerable components in AI-related breaches. Researchers found an obfuscated token linked to OpenAI Codex and GitHub. Tokens with long-term validity are particularly dangerous, as demonstrated by the Salesloft incident affecting over 700 organizations. Research by Grip Security revealed that a single stolen token could trigger cascading breaches in SaaS applications. BeyondTrust's Phantom Labs successfully automated the exploitation of a short-lived token, highlighting the potential for significant security threats in collaborative environments like GitHub repositories.
Read at SecurityWeek