Mitiga security researcher Idan Cohen shows Field CISO Brian Contos how an attacker steals the OAuth token behind a SaaS connected through MCP by seeding a man-in-the-middle proxy into a developer's `~/.claude.json` and letting Claude Code reseed it on every launch. Rotate the token, and the next session hands the attacker a fresh one. Use it through the agent, and the activity hides inside legitimate traffic. As Idan says, "AI agents inherit human credentials without inheriting human accountability."