Token Security Researcher to Present “Zapocalypse” Exploit Chain Targeting Zapier Users at fwd:cloudsec North America

Session will explain a vulnerability and multi-stage attack scenario that results in a full AI platform account takeover

TEL AVIV, Israel and NEW YORK, May 28, 2026 (GLOBE NEWSWIRE) -- Token Security, the leader in identity-first AI agent security, today announced that Yair Balilti, Security Research Team Leader, will present new vulnerability research at fwd:cloudsec North America on June 1, 2026, demonstrating how a chained exploit targeting automation platforms and serverless environments can escalate to a full Zapier AI platform account takeover.


For complete details on the research findings, visit: https://www.token.security/zapocalypse.

WHO:
Yair Balilti, Security Research Team Leader, Token Security, is an expert in vulnerability research and offensive security. He leads research focused on uncovering vulnerabilities in cloud-native and AI-driven systems, with a particular emphasis on how automation platforms and AI agents introduce new attack vectors.

WHAT:
Automation platforms and AI agents are increasingly acting as the high-privilege control layer of modern enterprises. As these systems gain access to APIs, credentials, and workflows, they also create new and poorly understood security risks. The research reveals how AI automation platforms are generating highly privileged identities that are not being monitored or governed.

In this session, Balilti will deconstruct a multi-stage exploit chain targeting Zapier users that begins in a sandboxed Python environment and escalates into full AI platform account takeover. The research challenges common assumptions about serverless isolation and secret handling, demonstrating how attackers can recover sensitive credentials directly from memory and move laterally across integrated systems.

The session will cover:

  • How hardcoded Model Context Protocol (MCP) keys and high-privilege tokens are exposed
  • Why Python’s del keyword does not reliably sanitize sensitive environment variables
  • How orphaned AWS STS tokens can be extracted from Lambda memory via /proc/self/mem
  • A technique for API-only ECR image extraction
  • A dependency poisoning attack leading to Stored XSS across thousands of integrations

Attendees will leave with:

  • A technical checklist for auditing AI “code block” and automation features
  • Strategies for identifying and eliminating orphaned secrets in serverless environments
  • Best practices for securing automation platforms and AI agent-driven workflows

WHERE:
fwd:cloudsec North America. Room 1. Meydenbauer Center, Bellevue, Washington.

WHEN:
Monday, June 1, 2026 at 10:50 AM PDT

HOW:
To speak with Yair Balilti, contact Marc Gendron at marc@mgpr.net, +1 617 877 7480.

About Token Security
Token Security accelerates the secure adoption of agentic AI by discovering AI agents across the enterprise, understanding their context and risk, and enforcing policies that govern their access and behavior. The platform provides continuous visibility, lifecycle management, and least-privilege enforcement to help organizations control autonomous AI agents operating across cloud, SaaS, and enterprise environments, eliminating blind spots, reducing risk, and ensuring compliance at scale.

Token Security is backed by Notable Capital, Crosspoint Capital, and TLV Partners. To learn more: token.security.

Media Contact:
Marc Gendron
Marc Gendron PR for Token Security
+1 617 877 7480
marc@mgpr.net

A photo accompanying this announcement is available at https://www.globenewswire.com/NewsRoom/AttachmentNg/6f098d3a-925b-4600-8587-da4c724c0ea1



