Back Issues This Week → Current Issue → Popular →

On April 19, 2026, Vercel disclosed a significant breach of its internal systems that began with a compromised AI productivity tool called Context.ai.

Attackers used infostealer malware to steal authentication credentials, then leveraged OAuth tokens to bypass MFA and access Vercel's internal systems, ultimately bulk-extracting environment variables containing cloud keys, database credentials, and GitHub tokens from customer projects.

The stolen data is being sold for $2 million by the ShinyHunters cybercriminal group. Organizations using Vercel should immediately revoke any access granted to Context.ai, rotate all secrets stored in Vercel environment variables, and audit their cloud provider logs and GitHub accounts for unauthorized activity. This incident highlights how third-party AI tool compromises can cascade into supply-chain attacks, emphasizing the need for strict governance of OAuth permissions and least-privilege access controls.