## Vercel Confirms Security Incident Linked to AI Tool Compromise On Sunday, **Vercel** acknowledged a security breach, warning a "limited subset of customers" that their credentials had been compromised. The company is urging affected customers to immediately rotate their credentials and is actively investigating the full scope of the incident to determine if more customers are impacted. The breach was traced back to a compromise of **Context.ai**, a third-party AI tool used by a **Vercel** employee. According to **Vercel**, the attacker leveraged this access to gain control of the employee's **Vercel Google Workspace** account, enabling them to access certain **Vercel** environments and environment variables that were not designated as 'sensitive.' Sensitive environment variables, which are stored in a manner that prevents unauthorized reading, are not believed to have been accessed. **Mandiant** has been brought in to assist with the investigation, and law enforcement has been notified. **Vercel** describes the attacker as "highly sophisticated" due to their operational speed and deep understanding of **Vercel's** systems. **Vercel** has cautioned that simply deleting projects or accounts is insufficient to mitigate potential customer risk. Compromised secrets may still grant access to production systems, emphasizing the need to rotate credentials before deleting any projects or accounts. ## Context.ai's March Incident and OAuth Token Compromise **Context.ai** released its own statement, explaining that their tool is designed to assist users in building presentations and spreadsheets using AI agents. A key feature is a browser extension that allows the AI agent to perform actions across external applications. In March, **Context.ai** detected and stopped a cyberattack involving unauthorized access to their **AWS** environment. **CrowdStrike** was engaged to investigate the attack, and a potentially impacted customer was notified. Subsequent investigation, prompted by information from **Vercel**, revealed that OAuth tokens for some consumer users were also likely compromised during the March incident. The unauthorized actor appears to have used a compromised OAuth token to access **Vercel's Google Workspace**. **Context.ai** noted that **Vercel's** internal authorization configurations appear to have allowed the compromised employee account to grant broad permissions within **Vercel's** enterprise **Google Workspace**. ## Infostealer Infection Suspected Multiple cybersecurity research firms have linked the breaches to an infostealer infection dating back to February 17, allegedly involving a **Context.ai** employee's device. **Hudson Rock** reported that logs indicate the employee was searching for **Roblox** game exploits, which are often bundled with malware and infostealers. ## Potential Impact and Mitigation Randolph Barr, CISO of **Cequence Security**, highlighted **Vercel's** significant presence in the developer community, particularly for modern web applications. The primary concern is the exposure of environment variables and tokens, which can lead to further unauthorized access if teams do not promptly secure their systems. The attackers allegedly belong to **ShinyHunters**, a known cybercriminal organization with a history of high-profile attacks. The group claimed responsibility for the **Vercel** breach on its communication channels and demanded a $2 million ransom. **Vercel CEO Guillermo Rauch** believes the attackers' actions were "significantly accelerated by AI" due to their rapid pace and in-depth understanding of **Vercel**. He urged all customers to rotate their credentials and monitor access to their **Vercel** environments and linked services. <a href="https://www.recordedfuture.com/?utm_source=therecord&amp;utm_medium=ad"><figure><img src="https://cms.therecord.media/uploads/2025_0514_Record_Ads_970x250_1_d144dbf901.png" data-nimg="1" decoding="async" height="500" width="1000" alt="Recorded Future"></figure></a>