Running With Scissors at Cloud Scale: An Ode to Overly Permissive Tokens

Written by Nikita Belikov | May 13, 2026 10:52:35 PM

Over the last two years, the cybercriminals behind groups like the ShinyHunters collective have been racking up massive victim counts and building a reputation for compromising enterprises at scale. Their playbook: exploit the vulnerable interdependencies of the SaaS supply chain for upstream access, industrialize downstream propagation, and live rent free in the already stressed minds of security leaders worldwide. Without developing and deploying complex malware suites, they started out in 2024 by repurposing stolen Snowflake customer employee credentials to access roughly 165 of the analytics company’s commercial tenants, simply logging into accounts that had not enabled MFA. At the time, this was their most consequential attack: a breathtaking scale of unauthorized data access, theft, and extortion that put them on the map of the cybersecurity community in a major way. In 2025, they climbed the technical sophistication ladder and, alongside their loosely aligned teammates ScatteredSpider, compromised corporate Salesforce deployments after threat actors within the collective accessed the Salesloft GitHub instance, pivoted into Drift's AWS environment, then stole Drift's OAuth tokens and reused them across hundreds of corporate Salesforce enclaves. As part of the compromise, the two groups tallied over 700 organizations as victims, including cloud and cybersecurity industry titans like Cloudflare, Palo Alto Networks, and Google.

Fast forward to just a few weeks ago and a ShinyHunters peer group picked up right where they left off in 2025 with a compromise of Vercel—maintainer of the Next.js codebase—to hold company and customer data for a $2M ransom. This breach will make security leaders feel particularly helpless, as it resulted from a Context.ai employee whose personal device was infected with Lumma Stealer malware, which gave the criminals access to their Google Workspace credentials, OAuth tokens, and other keys. Part of the stolen data dump was a very permissive OAuth token from Vercel. As it turned out, a Vercel employee had signed up for Context.ai, a third-party AI productivity tool, using their enterprise Vercel Google Workspace account. At signup, they granted Context.ai "Allow All" OAuth permissions, giving the app broad read access to Google Drive, email, and other Workspace resources. The kicker is that Vercel wasn’t even a registered customer of Context.ai; this was an individual employee's personal signup to a consumer product using their work credentials. Context.ai's OAuth configuration allowed the grant to carry enterprise-wide scope. The attacker replayed the stolen OAuth token to impersonate the Context.ai app and access the employee's Workspace account.

While these compromises are clever and crafty, the point of this write-up isn’t to rehash a prolific cybercriminal group’s exploits through the SaaS landscape. The broader point is that a loosely organized collective of English-speaking young adults, leveraging Russian-origin tooling and cybercrime infrastructure, has been more effective at pointing out the gaps in SaaS integration security than decades of frameworks, standards, and best practices ever have.

This isn't an academic observation. In cybersecurity, the feedback loop for an incomplete risk mitigation or a poorly informed risk acceptance decision is not hypothetical: living, breathing, thinking adversaries pounce on misconfigurations and vulnerabilities and rapidly punish mistakes. These campaigns demonstrate that persistence, a working knowledge of cloud environments, and effective social engineering are enough to turn the speed and fluidity of SaaS integrations into vulnerabilities. And while businesses have been “running with scissors” when it comes to building out workflows with overly permissive cloud application integrations, they’ve taken off in a full sprint now that AI has matured to the point where avoiding its use in the enterprise is effectively seen as a competitive disadvantage, increasing their attack surface in the process.

The good news is that while those chatbots and agents exercise more autonomy and broader access than more deterministic software, they still need the same API keys, OAuth tokens, and credentials to function, creating the same friction points that allow security teams to limit their abuse by malign actors if configured correctly. That huge “if” is easy to trivialize from the comfort of a blog draft but difficult to implement in global production environments. There's a reason that broken authentication — which short-lived token policies directly mitigate — ranks as the second most critical risk on OWASP's API Security Top 10, and that the Cloud Security Alliance publishes extensive guidance on measures to counteract these attack chains. These security challenges are tough and there is no “just do X” solution or proverbial Easy Button to push, but security leaders need to start now, before the unencumbered growth of the attack surface outpaces any attempt to monitor and secure the enterprise. Build a strategy, create a governance framework, execute, and assess.

The assessment step is important because these security risks are not linear, all-or-nothing propositions. Each third-party integration, each OAuth grant, each API key creates a unique node in a graph that attackers are already mapping. The compound effect of hundreds of these grants across an enterprise is an expanding yet opaque attack surface that poses serious monitoring and auditing obstacles.

To get ahead of the snowballing non-human identity crisis, security leaders should start with four actions:

  • Inventory every third-party OAuth grant and API integration across your SaaS and AI estate — including the ones your employees created without IT's knowledge.
  • Enforce least-privilege and short-lived token policies as the default, not the exception, and treat any "Allow All" scope grant as a finding.
  • Conduct adversarial assessments that trace the trust chains between your applications the way an attacker would. The goal isn't checking a compliance box; it's finding the paths where a single compromised token cascades into enterprise-wide access.
  • Practice severing those connections under pressure. Incident response playbooks that don't include OAuth revocation, API key rotation, and third-party isolation are incomplete at best.
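The first two actions above can be turned into a repeatable check. The script below is an added example, not code from the original post or from any vendor: it walks a constructed inventory of Google Workspace OAuth grants (the record layout, the one-hour lifetime policy, the "sanctioned app" list and the sample apps and users are all assumptions; only the scope URIs are real Google scopes) and reports an "Allow All"-style grant, a non-expiring token, and a personal signup made with a work identity as findings.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Set, Tuple

# Real Google Workspace scope URIs that grant broad read access to Drive, mail
# and the directory. Treating any grant that contains one of them as a finding
# is an assumed policy, not Google's or the post's.
BROAD_SCOPES = {
    "https://www.googleapis.com/auth/drive",
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/admin.directory.user",
}
MAX_TOKEN_LIFETIME = timedelta(hours=1)  # assumed short-lived token policy

@dataclass
class Grant:
    app: str                      # third-party application name
    user: str                     # Workspace account that granted it
    scopes: Set[str]
    issued_at: datetime
    expires_at: Optional[datetime]  # None models a refresh token that never expires
    sanctioned: bool              # app is on the IT-approved integration list

def assess(grants: List[Grant]) -> List[Tuple[str, str, str]]:
    """Return (user, app, finding) for each policy violation in the inventory."""
    findings = []
    for g in grants:
        broad = g.scopes & BROAD_SCOPES
        if broad:  # the "Allow All" pattern from the Context.ai incident
            findings.append((g.user, g.app, "broad scope: " + ", ".join(sorted(broad))))
        if g.expires_at is None:
            findings.append((g.user, g.app, "non-expiring token"))
        elif g.expires_at - g.issued_at > MAX_TOKEN_LIFETIME:
            findings.append((g.user, g.app, "token lifetime exceeds policy"))
        if not g.sanctioned:  # shadow signup: consumer product, enterprise identity
            findings.append((g.user, g.app, "unsanctioned app used with work identity"))
    return findings

# Constructed sample inventory (hypothetical apps and users).
NOW = datetime(2026, 5, 1, tzinfo=timezone.utc)
SAMPLE_GRANTS = [
    Grant("ai-notes-assistant", "dev@example.com",
          {"https://www.googleapis.com/auth/drive", "https://mail.google.com/", "openid"},
          NOW - timedelta(days=90), None, sanctioned=False),
    Grant("calendar-sync", "ops@example.com",
          {"https://www.googleapis.com/auth/calendar.readonly"},
          NOW - timedelta(minutes=10), NOW + timedelta(minutes=50), sanctioned=True),
]

if __name__ == "__main__":
    for user, app, finding in assess(SAMPLE_GRANTS):
        print(f"{user} -> {app}: {finding}")
```

Feeding it a real export of your tenant's OAuth grants, rather than the constructed list, is the inventory step; the findings list is the input to the revocation and rotation drills in the last action.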

ShinyHunters and their associates didn't need zero-days, custom malware, or nation-state resources to compromise hundreds of enterprises. They needed a stolen credential, a permissive token, and the patience to follow the trust chain to its logical conclusion. The stark reality for security leaders is that the integrations enabling their businesses are the same ones enabling their adversaries — and right now, the adversaries understand those connections better than most defenders do.