Tag: credential misuse

2 articles

Unoccupied workstation with laptop and technical equipment in a brightly-lit server room.

Google API Keys Remain Usable for 23 Minutes After Deletion

Deleting a Google API key doesn't mean it's immediately useless to hackers - in fact, our experiments show it can remain active for up to 23 minutes, allowing attackers to continue misusing it even after you've tried to revoke access.

Analyst 207May 21, 2026

Dimly lit server room with a laptop screen displaying sensitive API tokens and credentials.

Cross-App Permissions Expose Hidden Risks in AI-Driven SaaS Environments

Imagine a single security slip-up exposing 1.5 million API tokens and 35,000 email addresses, leaving AI agents and their users vulnerable to hijacking and misuse. The recent Moltbook breach reveals the hidden risks of cross-app permissions in AI-driven SaaS environments.

Analyst 207Apr 22, 2026