Vercel Breach Linked to Compromised AI Tool Raises Supply Chain Security Concerns

Cloud development platform Vercel has disclosed a security breach that allowed unauthorized access to certain internal systems, highlighting growing risks tied to third-party AI tools in enterprise environments. The incident was traced back to a compromise of Context.ai, an external AI service used by a Vercel employee, which ultimately served as the entry point for attackers.

According to the company, the attackers exploited a compromised Google Workspace OAuth integration linked to Context.ai, enabling them to take control of an employee’s account. This access allowed the threat actors to move laterally into Vercel’s systems and gain visibility into certain environments and configuration data. The breach did not involve direct exploitation of Vercel’s core infrastructure, but rather leveraged weaknesses in the broader software supply chain.

Vercel confirmed that only a limited subset of customers was impacted, with some credentials exposed because of the intrusion. However, the company emphasized that environment variables marked as “sensitive” remain protected through encryption, and there is currently no evidence suggesting that such critical data was accessed. Affected users have been notified and advised to rotate credentials and review account activity as a precaution.

The attackers behind the breach are described as highly sophisticated, with indications of deep system knowledge and rapid operational execution. Reports suggest that a threat actor using the “ShinyHunters” identity has claimed responsibility and is attempting to sell the stolen data for $2 million, although full details of the data exposure are still under investigation.

In response, Vercel has implemented additional monitoring and security controls, while working with cybersecurity firms and law enforcement agencies to contain the incident. The company has also urged organizations to audit third-party integrations, especially AI tools with broad access permissions, as the breach underscores a growing trend of supply chain attacks targeting interconnected systems in modern cloud environments.

 
