Key takeaways
- Third-party OAuth applications can introduce persistent access paths beyond traditional authentication controls.
- Account takeover (ATO) can involve authorized applications and valid tokens, not just stolen credentials.
- Access granted to OAuth apps can persist even after password resets or multifactor authentication (MFA) enforcement.
- Organizations need both third-party OAuth app governance and ATO detection and remediation to reduce their risk.
Two seemingly unrelated actions help frame the risk behind the April 2026 Vercel security incident:
- According to reporting from Hudson Rock, an employee at a third-party vendor downloaded game-related software (including Roblox automation tools). This led to an infostealer infection on a corporate device.
- Separately, a Vercel employee authorized a third-party AI productivity tool—a newly emerging, seed-stage startup—and granted it access to their corporate cloud environment.
Individually, these actions are common. Together, they illustrate how modern attacks exploit trusted access across users, applications, and supply chains.
What happened
Public reporting indicates the attack involved a third-party AI tool authorized within Vercel’s environment via Google Workspace. The reported sequence aligns with known cloud attack patterns:
- A user authorizes a third-party OAuth application with access to corporate resources.
- The third-party provider is compromised upstream (reportedly via infostealer malware).
- Attackers obtain access to valid tokens or delegated access paths.
- The attacker operates within the environment as a legitimate user.
- Internal resources—such as environment variables and credentials—are accessed.
This sequence relies on previously granted access, not repeated authentication bypass.
Beyond credentials: expanding the definition of account takeover
Traditional ATO focuses on credentials. This incident highlights a broader reality: account takeover can extend beyond authentication into delegated access and application-layer persistence.
In these scenarios:
- Access is granted through a trusted application.
- Tokens provide ongoing access to resources.
- Persistence can survive credential resets and multifactor authentication (MFA) changes.
Proofpoint research has shown that OAuth applications can be used to maintain access to cloud resources even after user credentials are secured.
OAuth applications as a persistence mechanism
OAuth applications are widely used across SaaS environments and frequently require access to:
- Files and documents
- User and directory data
When misused—whether due to malicious apps, compromised vendors, or post-ATO abuse—these applications can provide durable access to enterprise resources. In advanced attacks, they may be used to:
- Maintain access after initial compromise
- Access data programmatically
- Extend attacker dwell time
Where risk emerges
Risk emerges in two places.
1: Authorization: expanding the attack surface
Risk begins when an OAuth application is authorized:
- Applications may request high-impact permissions (like full mailbox or file access)
- Users may approve access to new or unverified vendors
- Emerging categories like generative AI tools may bypass formal review
Without governance, each authorization expands the attack surface.
2: Post-ATO persistence through applications
After initial access—via credentials, tokens, or upstream compromise—attackers may:
- Leverage existing authorized applications
- Introduce new applications to establish or extend access (see Proofpoint research on malicious applications in credible cloud tenants)
- Use granted permissions to access sensitive data
Because this access is application-based, it can persist independently of user authentication.
Required actions for organizations
Immediate actions relevant to this incident that organizations should take include:
- Search for and remove the known malicious OAuth client ID that’s associated with this campaign: 110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com.
- Audit all OAuth applications authorized in their environment and revoke any that are unnecessary or untrusted.
- Rotate credentials and secrets. Vercel has recommended rotating any potentially exposed secrets and ensuring sensitive values are properly protected, including:
  - API keys
  - Environment variables
  - Tokens stored in non-sensitive or plaintext configurations
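The first two immediate actions above (search for the named client ID, audit and revoke untrusted grants) can be driven from a point-in-time inventory of OAuth token grants. The script below is an added example, not code from Proofpoint, Vercel or Google. Its grant records are constructed; their field names (userKey, clientId, displayText, scopes) follow the Google Admin SDK Directory API `tokens` resource, which is an assumption about how a real inventory would be shaped, and the HIGH_IMPACT_SCOPES set is an assumed starting list rather than an official one.

```python
"""Point-in-time audit of Google Workspace OAuth token grants.

Added example, not code from Proofpoint, Vercel or Google. Grant records are
constructed; their field names follow the Admin SDK Directory API `tokens`
resource (an assumption), and HIGH_IMPACT_SCOPES is an assumed starting list.
"""
from typing import Callable, Dict, List

# The client ID the remediation guidance above says to search for and remove.
KNOWN_MALICIOUS_CLIENT_IDS = {
    "110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com",
}

# Assumed set of scopes that amount to full mailbox, file or directory access.
HIGH_IMPACT_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.modify",
    "https://www.googleapis.com/auth/drive",
    "https://www.googleapis.com/auth/admin.directory.user",
}

# Constructed sample inventory, one record per user/app pair. In production this
# is collected per user with service.tokens().list(userKey=<user>).execute()["items"].
SAMPLE_GRANTS: List[Dict] = [
    {
        "userKey": "alice@example.com",
        "clientId": "110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com",
        "displayText": "AI Notes Assistant",
        "scopes": ["https://www.googleapis.com/auth/drive",
                   "https://www.googleapis.com/auth/userinfo.email"],
    },
    {
        "userKey": "bob@example.com",
        "clientId": "4242-calendarsync.apps.googleusercontent.com",  # constructed
        "displayText": "Calendar Sync",
        "scopes": ["https://www.googleapis.com/auth/calendar.readonly"],
    },
    {
        "userKey": "carol@example.com",
        "clientId": "7777-mailhelper.apps.googleusercontent.com",  # constructed
        "displayText": "Mail Helper",
        "scopes": ["https://mail.google.com/"],
    },
]


def assess_grant(grant: Dict) -> List[str]:
    """Return the reasons a grant needs attention (empty list means none)."""
    reasons = []
    if grant["clientId"] in KNOWN_MALICIOUS_CLIENT_IDS:
        reasons.append("known-malicious-client")
    risky = sorted(set(grant["scopes"]) & HIGH_IMPACT_SCOPES)
    if risky:
        reasons.append("high-impact-scopes:" + ",".join(risky))
    return reasons


def build_revocation_plan(grants: List[Dict]) -> List[Dict]:
    """Known-malicious clients are revoked outright. Anything else holding a
    high-impact scope is queued for review instead of auto-revoked, so a
    legitimate integration is not broken without a human decision."""
    plan = []
    for grant in grants:
        reasons = assess_grant(grant)
        if not reasons:
            continue
        action = "revoke" if "known-malicious-client" in reasons else "review"
        plan.append({
            "userKey": grant["userKey"],
            "clientId": grant["clientId"],
            "displayText": grant["displayText"],
            "action": action,
            "reasons": reasons,
        })
    return plan


def apply_plan(plan: List[Dict], revoke: Callable[[str, str], None]) -> int:
    """Execute only the 'revoke' entries via the supplied callback and return
    how many grants were revoked. A production callback would wrap
    service.tokens().delete(userKey=user, clientId=client_id).execute()."""
    revoked = 0
    for entry in plan:
        if entry["action"] == "revoke":
            revoke(entry["userKey"], entry["clientId"])
            revoked += 1
    return revoked


if __name__ == "__main__":
    plan = build_revocation_plan(SAMPLE_GRANTS)
    for entry in plan:
        print(f'{entry["action"]:6} {entry["userKey"]:20} '
              f'{entry["displayText"]:20} {entry["reasons"]}')
    count = apply_plan(plan, lambda user, cid: print(f"revoke {cid} for {user}"))
    print(f"{count} grant(s) revoked")
```

Revocation is deliberately separated from assessment: the plan is reviewable output, and only entries tied to the known-bad client ID are passed to the revoke callback, which is where an organization would plug in its Admin SDK client. Running it against the constructed inventory revokes Alice's grant to the named client ID and queues Carol's full-mailbox grant for review, while Bob's read-only calendar grant is left alone.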
Longer-term controls
These are some additional steps that you can take:
- Strengthen third-party app governance
  - Maintain visibility into all authorized applications
  - Identify high-risk permission scopes
  - Classify apps as approved, blocked, or under review
  - Detect newly authorized apps and permission changes
  - Remove unused or unnecessary applications
- Detect and remediate app abuse in ATO scenarios
  - Identify risky third-party app authorization events
  - Highlight applications with highly impactful permissions
  - Revoke application tokens to eliminate persistent access
How Proofpoint can help
Proofpoint provides solutions to reduce your risk.
Third-party app governance
Proofpoint enables organizations to:
- Discover all connected third-party applications
- Assess risk based on permissions, prevalence, and threat intelligence
- Identify high-risk scopes and suspicious app characteristics
- Classify and control applications
- Detect new authorizations and classification drift
ATO detection and remediation
Proofpoint detects and responds to ATO involving third-party applications by:
- Identifying risky authorization, creation, or modification of apps
- Correlating these events with attack sequences
- Highlighting high-impact permission usage
- Automatically revoking application tokens to remove persistence
Conclusion
The incident isn’t just about risky apps. It’s about what happens after access is granted—and how long it quietly persists. The Vercel incident demonstrates how modern attacks exploit trust across multiple layers:
- A compromised endpoint introduces risk
- A third-party app creates a trusted access path
- A supply chain breach connects the two
Most organizations focus on preventing login abuse. But modern account takeover doesn’t end at authentication. It lives on in tokens, OAuth grants, mailbox rules, and delegated access that outlast credentials.
Proofpoint Collaboration Security Prime closes this gap by treating access as something that must be continuously governed—not just authenticated once. It correlates identity signals, third-party application behavior, and post-compromise activity to detect when a legitimate integration becomes an attacker’s backdoor. Because in these attacks, nothing looks suspicious at login—the risk lives in what’s already been trusted.
Collaboration Security Prime doesn’t just detect that misuse. It acts on it. That includes identifying risky or abused OAuth connections, revoking malicious or over-permissive third-party app access, and restoring control before that trusted integration becomes a persistence layer.
Because modern account compromise doesn’t always break in. Sometimes it logs in once—and stays indefinitely through the apps you already approved. So the real question isn’t “Did they get in?”, it’s “Which apps are still acting on their behalf—and should they be?”
Learn how Proofpoint detects and eliminates persistent access paths across your collaboration environment.