Posts about supply-chain
-
The OAuth Token You Forgot About
Vercel was breached through a third-party AI tool's OAuth token. The lesson is not about Vercel's security — it is about how every AI tool you onboard extends your attack surface in ways your governance framework does not track.