Vercel breach linked to AI tool

Vercel said on April 19 that attackers got into some of its internal systems through a compromised third-party artificial intelligence tool tied to an employee account. (vercel.com) The company said the attacker first abused access connected to Context.ai, then took over the employee’s Google Workspace account and reached some Vercel environments. Vercel said the intruder could read environment variables that were not marked “sensitive.” (thehackernews.com) Environment variables are the hidden settings apps use to store things like database passwords, application programming interface keys, and service tokens. Vercel said variables marked “sensitive” are encrypted in a way that prevented the attacker from reading them, and it said it has no evidence those values were accessed. (thehackernews.com) Vercel said only a “limited subset” of customers had credentials exposed, and that it contacted those customers directly with instructions to rotate them immediately. The company also said it is still investigating what data was taken and would notify customers if it finds more evidence of compromise. (thehackernews.com) The route into Vercel did not start with Vercel’s own code. TechCrunch reported that Context AI said it had a March 2026 breach involving its Context AI Office Suite consumer app, and Vercel said the fallout could affect “hundreds of users across many organizations.” (techcrunch.com) That attack path turned an artificial intelligence add-on into a supply-chain foothold. Researchers at the Cloud Security Alliance said the case showed how “AI SaaS” tools connected through single sign-on and OAuth can become enterprise attack paths even when the primary target’s own software is untouched. (cloudsecurityalliance.org) The case also widened concern because Vercel sits under a large share of modern web apps, including many built with Next.js and hosted front ends for crypto products. Decrypt reported that Vercel’s exposure alarmed crypto teams because a stolen front-end secret can let attackers alter what users see even when a blockchain itself is unchanged. (decrypt.co) Vercel said it brought in Google-owned Mandiant and other security firms, notified law enforcement, and reviewed its broader software supply chain. Chief executive Guillermo Rauch said the company had already added a dashboard overview for environment variables and a better interface for creating and managing sensitive ones. (thehackernews.com) A seller using the ShinyHunters name claimed responsibility and offered alleged Vercel data for $2 million on BreachForums, according to BleepingComputer. Vercel has confirmed the intrusion, but the full scope of the stolen data and the attacker’s broader claims remained under investigation as of April 20. (bleepingcomputer.com)