
Razorpay CISO Exposes the New Identity-driven Threat in Cybersecurity: OAuth Tokens, ETCISO

Cybersecurity threats are rapidly shifting from perimeter and endpoint-focused attacks to invisible, identity-driven breaches within application ecosystems, driven largely by the explosive growth of SaaS integrations and non-human identities. Speaking at ET CISO Decrypt 2026, Praveen Parihar, CISO of Razorpay, highlighted how OAuth tokens have emerged as a powerful yet under-monitored attack vector, enabling lateral movement across enterprise systems without triggering traditional security controls. His remarks underscored a growing concern among security leaders that AI-enabled SaaS environments are expanding the attack surface beyond conventional visibility and control frameworks. The spotlight session titled “OAuth is the new lateral movement and invisible boundary” at ET CISO Decrypt 2026 examined how identity-based access mechanisms, particularly OAuth, are reshaping modern cyber risk in API-first, AI-driven enterprise architectures.

Opening the session, Praveen Parihar emphasized that the security challenge is no longer confined to endpoints or networks but lies in the invisible trust relationships created between applications. “OAuth is technically now a legal weapon,” he noted, illustrating how a single token can act as a “master key” unlocking multiple enterprise systems ranging from CRM platforms to email and cloud storage environments.

He explained that traditional attack paths—such as phishing or privilege escalation—are being replaced by silent app-to-app exploitation models, where attackers no longer need to compromise users directly. Instead, compromising an OAuth token can provide full access to integrated SaaS ecosystems, effectively bypassing authentication layers such as passwords and multi-factor authentication.

Highlighting the structural shift in enterprise architectures, Parihar pointed to the rapid expansion of non-human identities, noting that machine-to-machine interactions are now growing far faster than human user identities. This surge, he said, is creating an expanding “invisible highway” of delegated access, where APIs and integrations operate without sufficient monitoring or behavioural oversight.

A key concern raised during the session was the lack of visibility at the application-to-application layer. While enterprises invest heavily in endpoint detection, firewalls, and cloud security tools, he argued that the real attack surface now resides in SaaS-to-SaaS and agent-to-API connections. These flows, often trusted by design, can be exploited once an OAuth token is stolen or misused, enabling attackers to move laterally across systems undetected.

Parihar referenced recent public incidents involving third-party integrations and exposed tokens to illustrate the severity of the issue, noting that compromised OAuth credentials have already led to large-scale data exposure in multiple organisations. These cases, he said, demonstrate that token-based access, once considered secure and convenient, is now a high-impact vulnerability when not properly governed.

He further highlighted the growing complexity introduced by AI-native SaaS tools and non-human identities, where automated agents and integrations frequently interact without human intervention. In such environments, traditional identity and access management frameworks struggle to keep pace with dynamic, high-volume authentication flows.

To address these challenges, Parihar proposed a shift in security strategy focused on making invisible flows visible, reducing excessive access scope, and implementing behavioural monitoring for token usage. He emphasised that anomaly detection—such as unusual API call patterns or unexpected data access volumes—will be critical in identifying compromised OAuth tokens before significant damage occurs.
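The two controls proposed above, reducing excessive scope and behavioural monitoring of token usage, can be prototyped against an OAuth audit trail. The following is an added example and not code from the article, Razorpay or ETCISO; it assumes a hypothetical JSON audit-record schema (fields `ts`, `token_id`, `scope`, `endpoint`, `bytes`), constructed sample log lines and constructed token ids (`tok_crm_sync`, `tok_mail_bot`). It compares each token's granted scopes with the scopes it actually uses, and flags any hour in which a token's call count, data volume or set of endpoints departs sharply from its own earlier baseline.

```python
"""Added example (not from the article): scope-reduction and behavioural
anomaly checks over constructed OAuth token audit records."""
import json
import statistics
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed grant inventory (hypothetical token ids): scopes granted at consent time.
GRANTS = {
    "tok_crm_sync": {"contacts.read", "contacts.write", "files.read"},
    "tok_mail_bot": {"mail.read"},
}


def _line(ts, token_id, scope, endpoint, nbytes):
    """Build one constructed audit record in the assumed JSON schema."""
    return json.dumps({"ts": ts.isoformat(), "token_id": token_id, "scope": scope,
                       "endpoint": endpoint, "bytes": nbytes})


def build_sample_log():
    """Constructed sample: three quiet hours, then one hour in which
    tok_crm_sync bulk-exports contact data through a never-seen endpoint."""
    t0 = datetime(2026, 6, 1, 9, 0, tzinfo=timezone.utc)
    lines = []
    for h in range(3):  # baseline hours: a few small reads per token per hour
        for i in range(4):
            t = t0 + timedelta(hours=h, minutes=10 * i)
            lines.append(_line(t, "tok_crm_sync", "contacts.read", "/v1/contacts", 8_000))
            lines.append(_line(t, "tok_mail_bot", "mail.read", "/v1/messages", 5_000))
    for i in range(40):  # anomalous hour: many large export calls by one token
        lines.append(_line(t0 + timedelta(hours=3, minutes=i), "tok_crm_sync",
                           "contacts.read", "/v1/contacts/export", 400_000))
    for i in range(4):  # the other token keeps its normal rhythm
        lines.append(_line(t0 + timedelta(hours=3, minutes=10 * i), "tok_mail_bot",
                           "mail.read", "/v1/messages", 5_000))
    return "\n".join(lines)


def parse_log(text):
    """Parse newline-delimited JSON records, converting ts to datetime."""
    events = []
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        rec = json.loads(raw)
        rec["ts"] = datetime.fromisoformat(rec["ts"])
        events.append(rec)
    return events


def unused_scopes(grants, events):
    """Scope reduction: granted scopes that no record in the window ever used."""
    used = defaultdict(set)
    for e in events:
        used[e["token_id"]].add(e["scope"])
    return {tok: scopes - used[tok] for tok, scopes in grants.items() if scopes - used[tok]}


def hourly_stats(events):
    """Per (token, hour): [call count, total bytes, set of endpoints]."""
    stats = defaultdict(lambda: [0, 0, set()])
    for e in events:
        hour = e["ts"].replace(minute=0, second=0, microsecond=0)
        s = stats[(e["token_id"], hour)]
        s[0] += 1
        s[1] += e["bytes"]
        s[2].add(e["endpoint"])
    return stats


def detect_anomalies(events, factor=5, min_calls=20, min_hours=3):
    """Flag an hour when calls or bytes exceed `factor` x the token's median over
    its earlier hours (with at least `min_hours` of baseline), or when the token
    reaches an endpoint it never touched before."""
    per_token = defaultdict(dict)
    for (tok, hour), s in hourly_stats(events).items():
        per_token[tok][hour] = s
    findings = []
    for tok, hours in per_token.items():
        ordered = sorted(hours)
        for idx, hour in enumerate(ordered):
            baseline = ordered[:idx]
            if len(baseline) < min_hours:
                continue
            med_calls = statistics.median(hours[h][0] for h in baseline)
            med_bytes = statistics.median(hours[h][1] for h in baseline)
            seen = set().union(*(hours[h][2] for h in baseline))
            calls, nbytes, endpoints = hours[hour]
            reasons = []
            if calls >= min_calls and calls > factor * med_calls:
                reasons.append(f"calls {calls} vs median {med_calls:.0f}")
            if nbytes > factor * med_bytes:
                reasons.append(f"bytes {nbytes} vs median {med_bytes:.0f}")
            for ep in sorted(endpoints - seen):
                reasons.append(f"new endpoint {ep}")
            if reasons:
                findings.append({"token_id": tok, "hour": hour.isoformat(), "reasons": reasons})
    return findings


if __name__ == "__main__":
    evs = parse_log(build_sample_log())
    print("unused scopes:", unused_scopes(GRANTS, evs))
    for f in detect_anomalies(evs):
        print("anomaly:", f)
```

The baseline here is each token's own history, which is what makes the check useful for non-human identities: an integration token normally has a very regular rhythm, so a sudden jump in volume or a first-time endpoint stands out even when the token itself is valid and no password or MFA event ever occurs.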

Concluding the session, he stressed that modern cybersecurity must evolve beyond perimeter-based thinking to address trust relationships embedded in application ecosystems. In his view, the future of enterprise security will depend on how effectively organisations can secure non-human identities and control delegated access across interconnected SaaS environments, where a single compromised token can redefine the entire threat landscape.

(With inputs from Prachi Pandey.)

Published On Jun 25, 2026 at 04:03 PM IST
