Vercel Breach via Context.ai Compromise; Limited Customer Credentials Exposed

Vercel, a prominent web infrastructure provider, has recently disclosed a security incident that resulted in unauthorized access to specific internal systems. The breach originated from the compromise of Context.ai, an external artificial intelligence (AI) tool utilized by a Vercel employee.

The attacker used the Context.ai compromise to take over the employee’s Vercel Google Workspace account, and from there reached certain Vercel environments and environment variables not designated as ‘sensitive.’ Vercel has assured that variables marked as ‘sensitive’ are encrypted, and there is no current evidence indicating these were accessed.

The company characterized the perpetrator as ‘sophisticated,’ citing their rapid operations and in-depth knowledge of Vercel’s systems. In response, Vercel is collaborating with cybersecurity firms, including Google-owned Mandiant, notifying law enforcement, and working with Context.ai to fully assess the breach’s scope.

A limited number of customers have had their credentials compromised. Vercel is directly contacting these customers, advising them to promptly rotate their credentials. The investigation into potential data exfiltration is ongoing, with plans to inform customers if further compromises are identified.

Vercel recommends that Google Workspace administrators and account holders review their OAuth applications for the following identifier:

> 110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com

To mitigate risks, Vercel advises:

- Reviewing activity logs for unusual activity.
- Auditing and rotating environment variables containing secrets that aren’t marked as sensitive.
- Investigating recent deployments for anomalies and ensuring Deployment Protection is set to at least the Standard level.
- Rotating Deployment Protection tokens, if applicable.
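
For the OAuth application review recommended above, the following is an added example (not from Vercel or Context.ai) that replays Google Workspace token audit events and reports which users granted access to the flagged client ID and whether the grant was later revoked. It assumes the events were exported as JSON in the shape returned by the Admin SDK Reports API for the `token` application; the sample events, e-mail addresses, app names and timestamps are constructed.

```python
import json

# OAuth client ID from the advisory quoted on this page.
FLAGGED_CLIENT_ID = "110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com"

def _event(time, email, name, client_id, scopes=()):
    """Build one constructed audit item in the Reports API 'token' activity shape."""
    params = [{"name": "client_id", "value": client_id}]
    if scopes:
        params.append({"name": "scope", "multiValue": list(scopes)})
    return {"id": {"time": time}, "actor": {"email": email},
            "events": [{"name": name, "parameters": params}]}

# Constructed sample export (newest first, as the API returns it).
SAMPLE_EXPORT = json.dumps({"items": [
    _event("2026-04-20T16:02:11Z", "dev2@example.com", "revoke", FLAGGED_CLIENT_ID),
    _event("2026-03-05T11:40:00Z", "dev2@example.com", "authorize", FLAGGED_CLIENT_ID,
           ["openid"]),
    _event("2026-03-03T08:00:00Z", "dev3@example.com", "authorize",
           "000000000000-placeholder.apps.googleusercontent.com", ["openid"]),
    _event("2026-03-02T09:14:05Z", "dev1@example.com", "authorize", FLAGGED_CLIENT_ID,
           ["https://www.googleapis.com/auth/drive.readonly", "openid"]),
]})

def _params(event):
    """Flatten a parameter list into {name: value-or-list}."""
    return {p["name"]: p.get("multiValue", p.get("value"))
            for p in event.get("parameters", [])}

def grants_for_client(export_json, client_id=FLAGGED_CLIENT_ID):
    """Return {email: {"scopes": [...], "active": bool, "last_event": timestamp}}."""
    users = {}
    items = json.loads(export_json).get("items", [])
    # Replay oldest first so that a later revoke overrides an earlier authorize.
    for item in sorted(items, key=lambda i: i["id"]["time"]):
        email = item.get("actor", {}).get("email", "<unknown>")
        for event in item.get("events", []):
            params = _params(event)
            if str(params.get("client_id", "")).strip().lower() != client_id.lower():
                continue
            rec = users.setdefault(email, {"scopes": set(), "active": False})
            scopes = params.get("scope") or []
            rec["scopes"].update([scopes] if isinstance(scopes, str) else scopes)
            if event["name"] in ("authorize", "revoke"):
                rec["active"] = event["name"] == "authorize"
            rec["last_event"] = item["id"]["time"]
    return {u: {**r, "scopes": sorted(r["scopes"])} for u, r in users.items()}

if __name__ == "__main__":
    for user, rec in grants_for_client(SAMPLE_EXPORT).items():
        print(user, "ACTIVE" if rec["active"] else "revoked", rec["scopes"])
```

Users reported with `active` set to `False` still held a grant at some point, so their activity logs deserve the same review as those with a live grant.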

While specific details about the systems affected and the number of impacted customers remain undisclosed, a threat actor known as ShinyHunters has claimed responsibility, allegedly offering the stolen data for $2 million.

Context.ai reported a March 2026 incident involving unauthorized access to its AWS environment, leading to the potential compromise of OAuth tokens for some users. The attacker reportedly used a compromised OAuth token to access Vercel’s Google Workspace. Context.ai has notified affected customers and provided necessary guidance.

Further investigation by Hudson Rock revealed that a Context.ai employee was compromised with Lumma Stealer malware in February 2026, suggesting this infection may have initiated the supply chain escalation.

Vercel’s CEO, Guillermo Rauch, stated that extensive protective measures and monitoring have been implemented. The company has also enhanced its dashboard with new features, including an overview page for environment variables and improved management interfaces for sensitive variables.