The Vercel breach in February 2026 exposed a systemic problem: AI tools with persistent OAuth access become high-value attack vectors. The core issue is standing access: OAuth grants that are always live, and credentials that are always reachable. The recommended fix is Just-in-Time (JIT) access, in which an OAuth grant exists only for the duration of an active, approved session and expires automatically afterwards. For AI tooling specifically, JIT can be enforced at the tool-invocation level through MCP-connected agents, so that each action is scoped and time-limited individually. Non-human identities (NHIs) such as AI tools and MCP servers are rarely governed with the same rigor as human accounts, which leaves a growing security gap. A credential-injection model, in which secrets are injected at connection time and never persist, is proposed as a stronger alternative to classifying secrets.
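The per-action JIT model described above, as an added example that is not code from the article or from any vendor: a small in-memory broker that mints a grant only for an approved (session, tool, scopes) triple, injects the credential solely for the duration of one tool call, and lets it expire on its own. The `approver` callback, the `clock` parameter and the tool and scope names are assumptions for illustration.

```python
import secrets
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class Grant:
    token: str           # short-lived credential handed to the tool call
    tool: str            # the one tool this grant is valid for
    scopes: frozenset    # what that tool may do, e.g. {"repo:read"}
    expires_at: float    # epoch seconds; the grant is dead after this


class JitBroker:
    """Issues per-action grants; holds them in memory only, never on disk."""

    def __init__(self, approver, clock=time.time):
        self._approver = approver  # assumed callable(session_id, tool, scopes) -> bool
        self._clock = clock        # injectable so tests can advance time
        self._live = {}            # token -> Grant

    def request(self, session_id, tool, scopes, ttl_s=60):
        """Mint a grant only for an approved (session, tool, scopes) triple."""
        scopes = frozenset(scopes)
        if not self._approver(session_id, tool, scopes):
            raise PermissionError(f"{session_id}: {tool} {sorted(scopes)} denied")
        grant = Grant(secrets.token_urlsafe(32), tool, scopes, self._clock() + ttl_s)
        self._live[grant.token] = grant
        return grant

    def invoke(self, token, tool, scope, action):
        """Run one tool action with the credential injected at call time.

        Returns (True, result) or (False, reason). The grant is consumed
        whether or not the action runs, so nothing stands afterwards.
        """
        grant = self._live.pop(token, None)
        if grant is None:
            return False, "no such grant (already used or never issued)"
        if self._clock() >= grant.expires_at:
            return False, "grant expired"
        if tool != grant.tool or scope not in grant.scopes:
            return False, f"grant covers {grant.tool}:{sorted(grant.scopes)}, not {tool}:{scope}"
        return True, action(grant.token)  # credential is visible only inside this call

    def live_grants(self):
        """Number of unexpired grants still in memory (purges expired ones)."""
        now = self._clock()
        self._live = {t: g for t, g in self._live.items() if g.expires_at > now}
        return len(self._live)
```

A standing OAuth token would survive every one of the failure paths above; here a used, mis-scoped or expired grant is simply gone.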
Table of contents
The identity no one is governing
Classification isn't a solution
What this means for your organization