Zapocalypse: Compromising every Zapier user through a Lambda memory leak

Yair Balilti

fwd:cloudsec North America 2026 · Day 1

This talk details a critical vulnerability chain discovered in Zapier, a prominent AI-driven workflow automation platform. Presented by Yair Balilti, a Security Researcher at Token Security, the research outlines a sophisticated five-stage attack that allowed the team to achieve a full platform account takeover, theoretically compromising every authenticated Zapier user. The presentation highlights the dangers of insecure sandbox environments, the persistence of "deleted" data in memory, and the risks associated with misconfigured build processes and supply chain vulnerabilities in modern cloud-native applications. The research is particularly significant given Zapier's extensive user base and its role as an integration hub for over 8,000 applications, which makes a comprehensive compromise a high-impact event.

AI review

A well-constructed, multi-stage cloud attack chain with genuine technical novelty — specifically the memory forensics angle on Python `del` and the ECR auth bypass via direct API calls. Solid original research that moves beyond 'we found a hardcoded secret' into a full kill chain with real blast radius. Minor dock for the final stages being theoretical rather than demonstrated, and the talk leans on a summarized transcript rather than raw live demo footage, but the underlying work is clearly sound.
