AboutTermsPrivacyContact
 
Updating
AI Security Ops

AI Security Ops

Released: 2026-05-01
© 2025 Black Hills Information Security
AI Security Ops - QR Code
51 Episodes
Audio
Listen on Apple Podcasts
51 Episodes
Audio
Listen on Apple Podcasts
Released: 2026-05-01
© 2025 Black Hills Information Security
Most Recent Episode
Vercel Breach | Episode 50

Vercel Breach | Episode 50

In this episode of BHIS Presents: AI Security Ops, the team breaks down the Vercel breach — a real-world incident that shows just how fragile modern security has become in the age of AI integrations and SaaS sprawl. What started as a simple Roblox che
Time: 17:46
In this episode of BHIS Presents: AI Security Ops, the team breaks down the Vercel breach — a real-world incident that shows just how fragile modern security has become in the age of AI integrations and SaaS sprawl.
What started as a simple Roblox cheat script downloaded on a work laptop quickly escalated into a multi-hop compromise involving OAuth permissions, an AI productivity tool, and access into Vercel’s internal systems.
This wasn’t a zero-day or advanced nation-state exploit. It was a chain of everyday decisions: installing software, clicking “Allow,” and trusting third-party integrations.
The result? Allegedly $2M worth of data listed for sale, including API keys, internal data, and employee records — all from a breach path that most organizations aren’t even monitoring.
We dig into:• What Vercel is and why it’s such a high-value target• How environment variables become the “keys to the kingdom”• The full attack chain: Roblox malware → Context.ai → Vercel• What infostealers like Lumma actually do (and how cheap they are)• How OAuth permissions become persistent backdoors• Why AI productivity tools introduce hidden risk• The rise of “shadow AI” inside organizations• How supply chain attacks continue to scale across ecosystems• The role of AI in accelerating attacker speed and capability• Why this type of breach is becoming the new normal
This episode highlights a critical shift in cybersecurity: you don’t have to get hacked directly anymore — attackers just need to compromise something you’ve already trusted.
📚 Key Concepts & Topics
Attack Chain & Initial Access• Lumma infostealer and malware-as-a-service• Credential theft: passwords, cookies, OAuth tokens• Low-cost, high-impact compromise paths
OAuth & Identity Risk• “Allow All” permissions and persistent access• OAuth tokens as long-lived entry points• Lack of visibility into third-party integrations
AI Security Risks• Shadow AI and unsanctioned tool adoption• Deep integrations with Google Workspace and SaaS• AI tools as new supply chain attack surfaces
Supply Chain Attacks• Multi-hop compromise paths across vendors• Real-world parallels (Trivy, LiteLLM)• Interconnected ecosystems increasing blast radius
Threat Landscape Evolution• AI accelerating attacker speed and scale• Lower barrier to entry for complex attacks• Criminal groups operating as decentralized “businesses”
Defensive Strategy• Auditing OAuth integrations and permissions• Enforcing least privilege across SaaS tools• Segmenting sensitive data and reducing blast radius• Avoiding risky behavior on corporate devices
⏱️ Chapters(00:00) - Intro & Breach Overview
(00:21) - Sponsors & Show Setup
(01:29) - What Vercel Is & Why It Matters
(02:31) - Initial Compromise: Roblox Script & Infostealer
(05:03) - OAuth Permissions & Pivot into Vercel
(08:04) - AI Tools, Over-Permissioning & Supply Chain Risk
(09:53) - AI Acceleration of Attacks & Ecosystem Impact
(13:34) - Threat Actors, Attribution & Key Takeaways
Click here to watch this episode on YouTube.
Creators & Guests
Brian Fehrman - Host
Ethan Robish - Guest
Brought to you by:
Black Hills Information Security 
https://www.blackhillsinfosec.com
Antisyphon Training
https://www.antisyphontraining.com/
Active Countermeasures
https://www.activecountermeasures.com
Wild West Hackin Fest
https://wildwesthackinfest.com
🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com
Click here to view the episode transcript.
Episode ID: 1000765509912
GUID: 24ae8d43-1a4e-46cb-975f-2c85b38aa283
Release Date: 01/05/2026, 13:51:06

Description

Join in on weekly podcasts that aim to illuminate how AI transforms cybersecurity—exploring emerging threats, tools, and trends—while equipping viewers with knowledge they can use practically (e.g., for secure coding or business risk mitigation).

Apple Podcasts: Customer Reviews

No Entry