HackerTrans
TopNewTrendsCommentsPastAskShowJobs

tetrakai

no profile record

Submissions

Show HN: Flight Risk: Can you break an AI agent?

ctf.demo.lorikeetcx.ai
3 points·by tetrakai·vor 3 Monaten·0 comments

comments

tetrakai
·vor 3 Monaten·discuss
I can't comment about 1, but my read of 2 and 3 is that the chain was something like this:

1. One or more Vercel employees - likely engineers - grant OAuth access to context.ai. They presumably did this for office-suite style features, but the OAuth request included a GCP grant for some reason, maybe laziness on context.ai's part or planned future features? Either way, Google's OAuth flow has little differentiation between "office suite" scopes and "cloud platform" scopes, so this may not have been particularly obvious to those at Vercel

2. context.ai's AWS account was compromised (unspecified how), and the Google OAuth tokens they had for customer accounts, including those for at least one Vercel employee, were taken

3. Those OAuth token(s) were used to authenticate to the GCP APIs as those Vercel employees, then allowing access to Vercel's DBs, and therefore access to customer data and secrets
tetrakai
·vor 3 Monaten·discuss
This is bizarre! When you call ANA from Australia they have multiple dedicated 1800 (free) numbers you can reach them at, including a call centre in the Philippines for simple issues that picked up straight away for me. I wonder why they're so much more customer hostile in their own geography?