AI Sprawl is happening, and IT needs control
Most people will read the Vercel breach as another isolated security issue. It’s not. It’s a clear example of how AI tools are quietly getting embedded into core systems — and how little visibility most organizations actually have into those connections.
What actually happened (in plain terms)
An employee used a third-party AI tool. That tool had access via Google Workspace OAuth. The tool itself was compromised. Attackers used that access to get into internal systems.
From there, they were able to:
- Access internal environments
- Read environment variables
- Potentially expose API keys and credentials that weren’t properly marked or secured
This wasn’t a direct attack on Vercel’s infrastructure. It was an indirect path — through a connected AI tool.
Why this matters more than it looks
This isn’t about one company or one tool. This is about a pattern that’s already happening inside most organizations:
- Employees are using AI tools to move faster
- Those tools are getting access to Google Workspace, Slack, GitHub, and other systems
- Over time, those connections accumulate
- Very few teams have a clear, centralized view of what’s connected and what those tools can access
That’s where the risk builds. Not from a single decision — but from dozens of small, invisible ones.
The real issue: AI sprawl
This is what AI sprawl looks like in practice. Not just “too many tools,” but:
- Too many tools with access
- Too many tools connected to critical systems
- Too many tools operating without centralized visibility
In the Vercel case:
- The entry point was a third-party AI tool
- The access layer was Google Workspace
- The impact came from what that tool could reach downstream
That chain exists in most companies today. It’s just not visible.
Why traditional security models miss this
Most security programs are built around:
- known applications
- managed infrastructure
- defined access controls
AI tools don’t fit cleanly into that model. They are:
- adopted bottom-up
- connected through OAuth
- constantly changing
- often outside formal approval processes
So even strong security teams end up with blind spots. Not because they’re weak — but because the system has changed.
What teams should be asking right now
Incidents like this should trigger a simple set of questions:
- How many AI tools are actually in use across the company?
- Which of them have access to Google Workspace or other core systems?
- What scopes or permissions do they have?
- What data or systems can they indirectly reach?
Most teams don’t have clear answers. That’s the gap.
What good looks like
This isn’t about shutting down AI usage. That won’t work. The goal is:
- visibility first
- then control
- then governance
Teams need to be able to:
- identify AI tools in use
- understand what they’re connected to
- assess risk based on access and data exposure
- take action where needed
Without that, you’re operating on assumptions.
This won’t be the last incident
The Vercel breach is getting attention because of the scale and the visibility. But the underlying issue is widespread.
As AI adoption increases, so will:
- connected tools
- implicit trust relationships
- and attack surface
The companies that get ahead of this will not be the ones that avoid AI. They’ll be the ones that can see and manage it clearly.
Want to understand your exposure?
If you’re unsure how many AI tools are in use, what they’re connected to, or what risk they introduce — you’re not alone. We built Peridot to help teams get visibility into AI usage and understand how it connects into their systems. You can learn more about the Peridot Shadow AI platform for enterprise.