Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials

Summary

Web infrastructure provider Vercel disclosed a security breach stemming from the compromise of Context.ai, a third-party AI tool used by an employee. The attacker leveraged this access to take over the employee's Google Workspace account and gain unauthorized access to certain Vercel internal systems and environment variables. A limited subset of customers had credentials compromised; threat actor ShinyHunters claimed responsibility and demanded $2 million for stolen data.

Full text

Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials Ravie LakshmananApr 20, 2026Cloud Security / Data Breach Web infrastructure provider Vercel has disclosed a security breach that allows bad actors to gain unauthorized access to "certain" internal Vercel systems. The incident stemmed from the compromise of Context.ai, a third-party artificial intelligence (AI) tool, that was used by an employee at the company. "The attacker used that access to take over the employee's Vercel Google Workspace account, which enabled them to gain access to some Vercel environments and environment variables that were not marked as 'sensitive,'" the company said in a bulletin. Vercel said environment variables marked as "sensitive" are stored in an encrypted manner that prevents them from being read, and that there is currently no evidence suggesting that those values were accessed by the attacker. It described the threat actor behind the incident as "sophisticated" based on their "operational velocity and detailed understanding of Vercel's systems." The company also said it's working with Google-owned Mandiant and other cybersecurity firms, as well as notifying law enforcement and engaging with Context.ai to better understand the full scope of the breach. A "limited subset" of customers is said to have had their credentials compromised, with Vercel reaching out to them directly and urging them to rotate their credentials with immediate effect. The company is continuing to investigate what data was exfiltrated, and plans to contact customers if further evidence of compromise is discovered. Vercel is also advising Google Workspace administrators and Google account owners to check for the following application OAuth application: 110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com As additional mitigations, the following best practices have been recommended - Review activity log for signs of suspicious activity. Audit and rotate environment variables that contain secrets and are not marked as sensitive. Use sensitive environment variables to ensure secrets are protected. Investigate recent deployments for anything unexpected or suspicious. Ensure that Deployment Protection is set to Standard at a minimum. Rotate Deployment Protection tokens, if set. While Vercel has yet to share details about which of its systems were broken into, how many customers were affected, and who may be behind it, a threat actor using the ShinyHunters persona has claimed responsibility for the hack, selling the stolen data for an asking price of $2 million. "We've deployed extensive protection measures and monitoring. We've analyzed our supply chain, ensuring Next.js, Turbopack, and our many open source projects remain safe for our community," Vercel CEO Guillermo Rauch said in a post on X. "In response to this, and to aid in the improvement of all of our customers’ security postures, we've already rolled out new capabilities in the dashboard, including an overview page of environment variables, and a better user interface for sensitive environment variable creation and management." Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share Share SHARE  Cloud security, cybersecurity, data breach, Google Workspace, Mandiant, OAuth, Supply Chain Security, Vercel Trending News Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released Apple Expands iOS 18.7.7 Update to More Devices to Block DarkSword Exploit Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS Block the Prompt, Not the Work: The End of "Doctor No" BKA Identifies REvil Leaders Behind 130 German Ransomware Attacks ⚡ Weekly Recap: Axios Hack, Chrome 0-Day, Fortinet Exploits, Paragon Spyware and More China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware New GPUBreach Attack Enables Full CPU Privilege Escalation via GDDR6 Bit-Flips Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems AI Will Change Cybersecurity. Humans Will Define Its Success. A Lesson No Algorithm Can Teach The AI Arms Race – Why Unified Exposure Management Is Becoming a Boardroom Priority Popular Resources Learn How to Block Breached Passwords in Active Directory Before Attacks Get Full Visibility into Vendor and Internal Risk in One Platform [Guide] Get Practical Steps to Govern AI Agents with Runtime Controls Secure Your AI Systems Across the Full Lifecycle of Risks

Entities