Vercel Security Incident Widens: More Customer Accounts Compromised Following Context.ai Breach
**Vercel** has identified additional compromised customer accounts stemming from the security incident that originated with the **Context.ai** breach. The attackers exploited a compromised **Google Workspace** account belonging to a Vercel employee to gain access to internal systems, highlighting the risks associated with third-party integrations and potential malware infections.

**Vercel** announced on Wednesday that its investigation into the recent security incident has revealed a broader impact than initially assessed. The company discovered a new set of customer accounts compromised through unauthorized access to its internal systems.
### Expanding the Investigation
The discovery was made after Vercel broadened its investigation by including additional compromise indicators and reviewing requests to the Vercel network, as well as environment variable read events within its logs.
"Second, we have uncovered a small number of customer accounts with evidence of prior compromise that is independent of and predates this incident, potentially as a result of social engineering, malware, or other methods," the company stated in an update.
**Vercel** has notified the affected parties but has not disclosed the precise number of impacted customers.
### The Context.ai Connection
This development follows the initial acknowledgement that the breach originated from a compromise of **Context.ai**. A Vercel employee's use of Context.ai led to the attacker gaining control of their Google Workspace account.
"From there, they were able to pivot into a Vercel environment, and subsequently maneuvered through systems to enumerate and decrypt non-sensitive environment variables," Vercel explained.
### Lumma Stealer and the Patient Zero
Further investigation by **Hudson Rock** suggests that a **Context.ai** employee was infected with **Lumma Stealer** in February 2026. This infection occurred after the employee searched for **Roblox** auto-farm scripts and game exploit executors, potentially marking this event as the "patient zero" in the attack chain.
**Guillermo Rauch**, CEO of Vercel, stated in an X post: "We now understand that the threat actor has been active beyond that startup's [referring to Context.ai] compromise. Threat intel points to the distribution of malware to computers in search of valuable tokens like keys to Vercel accounts and other providers."
### Shadow AI and OAuth Risks
The incident raises questions about whether Vercel employees' use of the Context AI Office Suite was sanctioned or an instance of shadow AI. Shadow AI refers to the unauthorized use of AI tools within SaaS applications without formal IT review, exposing organizations to unforeseen risks. **Context.ai** has since deprecated the AI Office Suite.
**Tanium** noted the inherent risks of OAuth integrations: "OAuth integrations are useful because they reduce friction. They're also dangerous because they can inherit trust from the user and the organization. When attackers abuse an approved integration, they may avoid some of the controls teams rely on for direct account compromise."
### Implications for Defenders
The incident highlights the need for rapid detection and response capabilities. According to Tanium, "What stands out operationally is less the volume of data exposed and more the attackers' velocity and ability to enumerate internal environments before detection. That changes the job for defenders. The challenge shifts from prevention to rapid scoping and blast-radius reduction."
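The scoping step the article describes, matching compromise indicators against environment variable read events in logs, can be expressed as the following added example, which is not Vercel's tooling. The log schema, field names, indicator values and dates are constructed assumptions. Matches that predate the assumed incident start are reported separately, mirroring the accounts Vercel found with evidence of prior compromise.

```python
import json
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed indicators and incident start (placeholders, not values from the incident).
INDICATOR_NETS = [ip_network("203.0.113.0/24")]   # documentation range (TEST-NET-3)
INDICATOR_ACTORS = {"employee-ws-account"}        # hypothetical compromised identity
INCIDENT_START = datetime.fromisoformat("2026-04-01T00:00:00+00:00")

# Constructed audit events in a hypothetical JSON-lines schema.
SAMPLE_LOG = """\
{"ts":"2026-04-10T08:15:00+00:00","account":"team-a","actor":"employee-ws-account","action":"env.read","src_ip":"198.51.100.20","target":"DATABASE_URL"}
{"ts":"2026-04-11T09:00:00+00:00","account":"team-a","actor":"ci-bot","action":"env.read","src_ip":"203.0.113.7","target":"API_TOKEN"}
{"ts":"2026-04-11T09:05:00+00:00","account":"team-b","actor":"owner-b","action":"env.read","src_ip":"192.0.2.10","target":"FEATURE_FLAGS"}
{"ts":"2026-01-15T03:30:00+00:00","account":"team-c","actor":"owner-c","action":"env.read","src_ip":"203.0.113.99","target":"SIGNING_KEY"}
{"ts":"2026-04-10T08:14:00+00:00","account":"team-a","actor":"employee-ws-account","action":"project.list","src_ip":"203.0.113.7","target":"-"}
not-json-truncated-record
"""

def matches_indicator(event):
    """True when the request came from an indicator network or identity."""
    ip = ip_address(event["src_ip"])
    return event["actor"] in INDICATOR_ACTORS or any(ip in n for n in INDICATOR_NETS)

def scope(log_text):
    """Map affected accounts to the variables read, split by incident window."""
    incident, prior, unparsed = defaultdict(set), defaultdict(set), 0
    for line in filter(str.strip, log_text.splitlines()):
        try:
            ev = json.loads(line)
            hit = ev["action"] == "env.read" and matches_indicator(ev)
            in_window = datetime.fromisoformat(ev["ts"]) >= INCIDENT_START
            account, target = ev["account"], ev["target"]
        except (ValueError, KeyError, TypeError):
            unparsed += 1  # count unreadable records: log gaps limit what scoping can prove
            continue
        if hit:
            (incident if in_window else prior)[account].add(target)
    tidy = lambda d: {acct: sorted(names) for acct, names in d.items()}
    return {"incident": tidy(incident), "prior": tidy(prior), "unparsed": unparsed}

if __name__ == "__main__":
    print(json.dumps(scope(SAMPLE_LOG), indent=2))
```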