Third‑party AI tool triggers Vercel breach
- Vercel experienced a security breach after attackers leveraged a compromised third‑party AI tool to access internal systems.
- The incident was traced to a hacked Context.ai integration that exposed an employee account and allowed lateral access.
- The attack highlights how AI productivity tools create fresh supply‑chain attack surfaces for developer platforms (securityaffairs.com).
Vercel said on April 19 that hackers got into some internal systems after hijacking an employee account through a compromised Context AI app. (vercel.com) (techcrunch.com) The company said the employee had connected a Context AI app to a corporate Google account using OAuth, the authorization standard that lets one app act on a user's behalf inside another service without sharing the user's password. Attackers then used that connection to take over the Google Workspace account and move into Vercel’s internal environment. (techcrunch.com) (thehackernews.com)

Vercel said the intruders reached some customer data and unencrypted credentials, and Guillermo Rauch, the company’s chief executive, told customers to rotate any “non-sensitive” keys and credentials tied to deployments. Vercel also said its Next.js and Turbopack projects were not affected. (techcrunch.com)

OAuth is widely used because it avoids password sharing, but a broad app permission can work like a valet key that opens more doors than an employee expects. In this case, the attacker did not need to break into Vercel directly; the path started in a third-party software connection. (techcrunch.com) (darkreading.com)

Context said the root incident hit its deprecated consumer product, Context AI Office Suite, and that it first identified unauthorized access to its Amazon Web Services environment in March 2026. In an update published April 19 and revised April 20, the company said some consumer users’ OAuth tokens were also likely compromised. (context.ai) That detail widened the scope beyond one cloud host. Vercel said the same Context breach may affect “hundreds of users across many organizations,” pointing to downstream exposure anywhere employees connected the app to work accounts. (techcrunch.com)

A seller on a cybercrime forum claimed to be offering Vercel data for $2 million and said the material included customer keys, source code, and database information. TechCrunch reported that the seller invoked the ShinyHunters name, while the group told BleepingComputer it was not involved. (techcrunch.com)

Vercel said it was still investigating and seeking answers from Context, while Context said it had shut down the consumer product tied to the incident and was contacting affected users. The breach opened with a convenience feature inside an AI office app and ended with access to a major developer platform’s internal systems. (techcrunch.com) (context.ai)
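The "valet key" problem described above is concrete: a third-party app that a user consented to with full-mailbox or full-Drive scopes keeps that access until the grant is revoked, so the defensive step is an inventory of what each connected app can reach. The following is an added example, not code from Vercel, Context or any of the outlets cited; it audits a list of OAuth grant records for apps outside an approved list and for scopes that confer standing access to whole mailboxes, drives or directories. The record format (one entry per user and app with its consented scopes), the approved-app list and the sample grants are all constructed for the example; the scope strings are real Google OAuth scopes, but the "broad" classification is a policy choice, not anything Google defines.

```python
"""Audit third-party OAuth grants on workspace accounts for over-broad scopes.

Added example, not Vercel's or Context's code. The grant record format is an
assumption: one record per (user, app) listing the scopes the user consented
to, as you would export from an identity provider's app-access report.
"""
from __future__ import annotations

from dataclasses import dataclass

# Scopes that give a connected app standing access to a whole mailbox, drive
# or directory. The scope strings are real Google OAuth scopes; calling them
# "broad" is this example's own policy, not a vendor classification.
BROAD_SCOPES = {
    "https://mail.google.com/": "full mailbox read/write/delete",
    "https://www.googleapis.com/auth/gmail.readonly": "read every email",
    "https://www.googleapis.com/auth/drive": "full Drive access",
    "https://www.googleapis.com/auth/admin.directory.user": "manage directory users",
    "https://www.googleapis.com/auth/calendar": "full calendar access",
}


@dataclass
class Grant:
    user: str          # workspace account that consented
    app: str           # display name of the third-party app
    scopes: list[str]  # scopes present on the issued token


def audit_grants(grants: list[Grant], approved_apps: set[str]) -> list[tuple]:
    """Return (user, app, reasons) for every grant that violates policy.

    A grant is flagged when the app is not on the approved list or when any
    consented scope is in BROAD_SCOPES. Identity-only scopes (openid, email,
    profile) never trigger a finding on their own.
    """
    findings = []
    for g in grants:
        reasons = []
        if g.app not in approved_apps:
            reasons.append("app not on the approved list")
        for scope in g.scopes:
            if scope in BROAD_SCOPES:
                reasons.append(f"broad scope {scope} ({BROAD_SCOPES[scope]})")
        if reasons:
            findings.append((g.user, g.app, reasons))
    return findings


def severity(finding: tuple) -> str:
    """Triage a finding: unapproved app with broad scopes is revoke-now;
    an approved app with broad scopes needs a scope review; anything else
    is just an inventory entry."""
    _, _, reasons = finding
    unapproved = any(r.startswith("app not") for r in reasons)
    broad = any(r.startswith("broad scope") for r in reasons)
    if unapproved and broad:
        return "revoke"
    if broad:
        return "review"
    return "inventory"


# Constructed sample data. The first grant is modeled on the incident above:
# an AI office app connected to a corporate account with mailbox and Drive
# scopes. The other apps and users are invented for the example.
APPROVED_APPS = {"Corporate Calendar Sync", "Internal Wiki SSO"}
SAMPLE_GRANTS = [
    Grant("alice@example.com", "Context AI Office Suite",
          ["openid", "email", "https://mail.google.com/",
           "https://www.googleapis.com/auth/drive"]),
    Grant("bob@example.com", "Corporate Calendar Sync",
          ["openid", "https://www.googleapis.com/auth/calendar"]),
    Grant("carol@example.com", "Internal Wiki SSO",
          ["openid", "email", "profile"]),
]


if __name__ == "__main__":
    for finding in audit_grants(SAMPLE_GRANTS, APPROVED_APPS):
        user, app, reasons = finding
        print(f"[{severity(finding)}] {user} -> {app}")
        for r in reasons:
            print(f"    - {r}")
```

Run on the sample, the script flags alice's grant as "revoke" (unapproved app holding mailbox and Drive scopes) and bob's as "review" (approved app, but a full-calendar scope worth narrowing), while carol's identity-only grant produces no finding. In a real audit the same logic runs over the exported grant list, and the "revoke" bucket is the set of tokens to pull before rotating whatever credentials those accounts could reach.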