Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
Explore the security vulnerabilities and attack vectors in modern connection-based OAuth architectures used by Agentic AI and Integration Platforms in this 40-minute Black Hat conference presentation. Discover how the evolution from traditional OAuth setups to centralized token management through dedicated OAuth Token Services has reintroduced critical security flaws previously mitigated by OAuth standards. Learn about the emerging trend of offloading token retrieval and lifecycle management to cloud-based Credential Managers that enable streamlined access re-delegation for AI agents and low-code solutions. Examine how classic web vulnerabilities including Session Fixation, Open Redirect, Confused Deputy, XSS, and Cross-window Communication attacks have re-manifested and been amplified within these proprietary OAuth connection architectures. Analyze practical exploits that allow attackers to take over authenticated AI agents or gain unauthorized access to integrations without explicit user consent. Study Microsoft's implementation as a comprehensive case study, covering Azure, Power Platform, and Copilot Studio to understand how connection-based OAuth architectures are adopted in enterprise environments. Compare systemic security issues across industry vendors including Composio and ByteDance Coze to identify common vulnerabilities and attack patterns. Gain insights into the attack surface systematization and develop an attacker's mindset for identifying security weaknesses in modern OAuth implementations. Acquire actionable best practices and security recommendations for building hardened authentication layers that protect AI agents and integration platforms from sophisticated attacks targeting connection-based OAuth vulnerabilities.
