The SAS token could have been set up with limitations to what file or files could be accessed. However, this particular link was configured with full access.
Apparently the AI researchers weren’t trained on how to properly secure SAS tokens, or were just neglegent.