Vercel breached via AI extension

- Vercel said on April 19 attackers used a compromised Context AI OAuth connection to enter internal systems and steal some customer credentials from plaintext environment variables.
- Vercel said the breach began after one employee connected Context AI to a corporate Google Workspace account, letting attackers hijack that account and pivot inside.
- Context said the exposed app was its deprecated consumer AI Office Suite, not its enterprise product. (context.ai)

Vercel said on April 19 that attackers got into some internal systems through a compromised Context AI connection tied to one employee’s Google Workspace account. (vercel.com) (techcrunch.com) The company said the attackers reached a limited subset of customer credentials stored as “non-sensitive” environment variables, which can be decrypted back to plaintext. Vercel said it contacted affected customers and told them to rotate those credentials immediately. (vercel.com)

The underlying mechanism was OAuth, the authorization protocol that lets one application act inside a user’s account at another service once the user approves the permissions it asks for. In this case, Vercel said a Context AI app connection was abused to take over the employee’s Google account and move into Vercel systems. (techcrunch.com) (vercel.com)

Context said the affected product was its deprecated AI Office Suite, a consumer tool launched in June 2025 for documents, spreadsheets, and other agent-driven tasks. The company said that product was separate from its enterprise Bedrock deployments, which run in customer infrastructure. (context.ai)

Context said it detected and stopped unauthorized access to its Amazon Web Services environment in March 2026, hired CrowdStrike, and shut down the hosting environment for the consumer product. After Vercel shared new information, Context said it concluded that some AI Office Suite OAuth tokens had also been compromised. (context.ai)

One of those tokens was then used to access Vercel’s Google Workspace, according to Context. The company said at least one employee had enabled “allow all” for the app’s requested Google Workspace permissions, including actions such as writing emails or creating documents on the user’s behalf. (context.ai)

Vercel said Next.js and Turbopack were not affected. The company also said it had engaged incident-response experts, notified law enforcement, and continued updating its public bulletin through April 24. (techcrunch.com) (vercel.com)

By April 24, Vercel said a broader log review had found a small number of additional accounts tied to the same incident. It also found a separate small number of customer accounts with signs of compromise that, based on its investigation to date, did not appear to originate on Vercel systems. (vercel.com)

TechCrunch reported that Vercel warned the attack path could affect “hundreds of users across many organizations,” not only Vercel itself. Context said it is contacting potentially affected AI Office Suite users directly with next steps. (techcrunch.com) (context.ai)

The breach turned a browser-linked AI tool into a route into a company’s Google identity system. Vercel’s cleanup now centers on log review, customer notification, and credential rotation rather than on any compromise of its open-source codebases. (vercel.com) (techcrunch.com)
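The “allow all” consent Context describes is the thing to go looking for in your own tenant: which third-party apps hold grants that let them act as a user, not just identify one. The Python below is an added example written for this briefing, not code from Vercel, Context or Google. It scores OAuth grants by the scopes they carry so that write-capable grants (send mail, create documents) surface first, treats unrecognised scopes as something to review rather than ignore, and keeps allowlisted clients visible in the report. It assumes records shaped like the Admin SDK Directory API users.tokens.list response (userKey, clientId, displayText, scopes); every user, client ID and app name in the sample data is constructed, and the scope tables are a starting point rather than a complete catalogue.

```python
"""Score third-party OAuth grants in a Google Workspace tenant by scope.

Added example for this article, not code from Vercel, Context or Google.
Records mimic the Admin SDK Directory API users.tokens.list response
(userKey, clientId, displayText, scopes); all records, client IDs and
app names are constructed, and the scope tables are a starting point.
"""
from dataclasses import dataclass, field

# Scopes that let the app act as the user: send mail, create documents, etc.
WRITE_SCOPES = {
    "https://mail.google.com/": "full Gmail access, including send and delete",
    "https://www.googleapis.com/auth/gmail.send": "send mail as the user",
    "https://www.googleapis.com/auth/gmail.modify": "read and modify mail",
    "https://www.googleapis.com/auth/drive": "read and write all Drive files",
    "https://www.googleapis.com/auth/documents": "read and write Docs",
}
# Read-only scopes: no impersonation, but enough to exfiltrate data.
READ_SCOPES = {
    "https://www.googleapis.com/auth/gmail.readonly": "read all mail",
    "https://www.googleapis.com/auth/drive.readonly": "read all Drive files",
    "https://www.googleapis.com/auth/calendar.readonly": "read Calendar",
}
# Identity-only scopes: who the user is, nothing about their data.
IDENTITY_SCOPES = {"openid", "https://www.googleapis.com/auth/userinfo.email",
                   "https://www.googleapis.com/auth/userinfo.profile"}
RANK = {"low": 0, "review": 1, "medium": 2, "high": 3}


@dataclass
class Finding:
    user: str
    client_id: str
    app: str
    severity: str  # one of RANK's keys
    reasons: list[str] = field(default_factory=list)


def classify_scopes(scopes):
    """Return (severity, reasons): the worst scope decides; unknown scopes
    are flagged for manual review rather than treated as harmless."""
    severity, reasons = "low", []
    for scope in scopes:
        if scope in WRITE_SCOPES:
            level, why = "high", WRITE_SCOPES[scope]
        elif scope in READ_SCOPES:
            level, why = "medium", READ_SCOPES[scope]
        elif scope in IDENTITY_SCOPES:
            continue
        else:
            level, why = "review", "scope not in the tables, check manually"
        reasons.append(f"{scope} ({why})")
        if RANK[level] > RANK[severity]:
            severity = level
    return severity, reasons


def audit_tokens(tokens, approved_clients=frozenset()):
    """Score every grant, worst first. Approved clients are still listed
    (as 'low') so the allowlist itself stays visible in the report."""
    findings = []
    for tok in tokens:
        severity, reasons = classify_scopes(tok.get("scopes", []))
        if tok["clientId"] in approved_clients:
            severity, reasons = "low", ["client on the approved list"]
        findings.append(Finding(tok["userKey"], tok["clientId"],
                                tok.get("displayText", "?"), severity, reasons))
    return sorted(findings, key=lambda f: RANK[f.severity], reverse=True)


def revocation_candidates(findings):
    """Grants to revoke first: anything able to act as the user. In a real
    tenant each maps to a Directory API users.tokens.delete(userKey, clientId)
    call, followed by a review of that user's recent activity."""
    return [f for f in findings if f.severity == "high"]


# Constructed sample data; users, client IDs and app names are hypothetical.
APPROVED_CLIENTS = frozenset({"3333-sso.apps.googleusercontent.com"})
SAMPLE_TOKENS = [
    {"userKey": "alice@example.com", "displayText": "Hypothetical AI office suite",
     "clientId": "1111-officesuite.apps.googleusercontent.com",
     "scopes": ["openid", "https://www.googleapis.com/auth/userinfo.email",
                "https://mail.google.com/", "https://www.googleapis.com/auth/drive",
                "https://www.googleapis.com/auth/documents"]},
    {"userKey": "bob@example.com", "displayText": "Hypothetical meeting note-taker",
     "clientId": "2222-notetaker.apps.googleusercontent.com",
     "scopes": ["openid", "https://www.googleapis.com/auth/calendar.readonly"]},
    {"userKey": "carol@example.com", "displayText": "Hypothetical approved SSO client",
     "clientId": "3333-sso.apps.googleusercontent.com",
     "scopes": ["openid", "https://www.googleapis.com/auth/userinfo.email"]},
    {"userKey": "dave@example.com", "displayText": "Hypothetical unvetted app",
     "clientId": "4444-unknown.apps.googleusercontent.com",
     "scopes": ["https://www.googleapis.com/auth/admin.directory.user.readonly"]},
]

if __name__ == "__main__":
    for f in audit_tokens(SAMPLE_TOKENS, APPROVED_CLIENTS):
        print(f.severity, f.user, f.app, "; ".join(f.reasons))
```

Run against the constructed sample, the office-suite grant with full Gmail and Drive scopes comes out on top as the only revocation candidate, the read-only note-taker lands in the middle, the grant with a scope outside the tables is held for review, and the allowlisted SSO client is reported as low with its allowlist status spelled out. Fed real tokens.list output, the same function gives an incident responder a first cut at which grants to revoke and which users’ activity to read first.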

Shared from Scout - Be the smartest in the room.