Vercel’s CEO said a “highly sophisticated,” potentially AI-assisted hacking group was behind a recent security incident that exposed some customer credentials following a breach of internal systems.
Here's my update to the broader community about the ongoing incident investigation. I want to give you the rundown of the situation directly.
The breach originated from the compromise of Context.ai, a third-party AI tool used by a Vercel employee, which allowed attackers to take over the employee’s Google Workspace account and gain access to some Vercel environments and non-sensitive environment variables.
The disclosure highlights growing concerns about the security risks posed by third-party integrations and AI-powered tooling, as attackers increasingly exploit supply chain vulnerabilities to gain footholds inside organizations.
Vercel and Rauch said the attack unfolded through “a series of maneuvers” beginning with the compromised employee account and escalating into broader access to internal environments. While Vercel stores customer environment variables encrypted at rest, the company allows some variables to be marked as non-sensitive, which the attackers were able to access.
The company believes the number of affected customers is limited and said it has contacted those potentially impacted as a priority. Vercel has since deployed additional monitoring and protection measures, while also reviewing its supply chain to ensure the safety of projects such as Next.js and Turbopack.
John Woods, CEO of Nillion, told Decrypt that “limited subset” usually means the observed affected-customer set appears limited so far, but it does not necessarily rule out broader internal movement or wider downstream risk. “In modern cloud platforms, blast radius is not only about how many customers were visibly impacted at first, but also about what the compromised systems could reach behind the scenes,” Woods said.
He recommended companies follow a variety of best practices to avoid this sort of situation. “Lock down OAuth grants, use least privilege, enforce strict controls around sensitive environment variables, separate frontend deployment from secret or signing authority, and monitor deployments and logs closely,” he said.
“For anyone whose credentials may have been taken, the immediate priority is to revoke access, rotate credentials, and review every system those credentials could reach,” he added, noting that “At a higher level, the lesson is to avoid architectures where one compromise can reach too much.”
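The detail that Vercel lets some environment variables be marked non-sensitive, together with the recommendation above to enforce strict controls around sensitive variables, points to a concrete defensive check: audit the variables a project has left unmarked and flag any whose key name or value looks like a credential before an attacker with read access to the environment finds them. The script below is an added example written for this article, not Vercel's own code or tooling. The record shape (`key`, `value`, `target`, `sensitive`), the sample variables and the entropy threshold are all constructed assumptions; a real audit would feed it the project's actual inventory.

```javascript
// Added example (not Vercel's code): flag environment variables that are marked
// non-sensitive but whose key or value looks like a credential.
// The record shape used here is an assumption, not a real Vercel API response.

// Value patterns for common credential formats
const SECRET_PATTERNS = [
  { name: "AWS access key id", re: /\bAKIA[0-9A-Z]{16}\b/ },
  { name: "GitHub token", re: /\bgh[pousr]_[A-Za-z0-9]{36,}\b/ },
  { name: "private key block", re: /-----BEGIN [A-Z ]*PRIVATE KEY-----/ },
  { name: "JWT", re: /\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\b/ },
  { name: "connection string with embedded password", re: /^[a-z+]+:\/\/[^:\/\s]+:[^@\/\s]+@/i },
];

// Key names that usually hold a secret even when the value is unrecognisable
const SECRET_KEY_HINTS = /(secret|token|password|passwd|private|api[_-]?key|signing)/i;

// Shannon entropy of a string in bits per character
function shannonEntropy(s) {
  if (s.length === 0) return 0;
  const counts = new Map();
  for (const ch of s) counts.set(ch, (counts.get(ch) || 0) + 1);
  let h = 0;
  for (const c of counts.values()) {
    const p = c / s.length;
    h -= p * Math.log2(p);
  }
  return h;
}

// Return the list of reasons a key/value pair looks like a secret (empty if clean)
function classifyValue(key, value) {
  const reasons = [];
  for (const { name, re } of SECRET_PATTERNS) {
    if (re.test(value)) reasons.push(`matches ${name} pattern`);
  }
  if (SECRET_KEY_HINTS.test(key)) reasons.push("key name suggests a secret");
  // Long, opaque, high-entropy strings are probably credentials; the 4.0 bits/char
  // threshold is an assumption chosen so ordinary URLs and words stay below it.
  const entropy = shannonEntropy(value);
  if (value.length >= 24 && !/\s/.test(value) && entropy >= 4.0) {
    reasons.push(`high entropy (${entropy.toFixed(2)} bits/char)`);
  }
  return reasons;
}

// Audit only the variables that are NOT marked sensitive: those marked sensitive
// are already encrypted and hidden, so they are out of scope for this check.
function auditEnvVars(records) {
  const findings = [];
  for (const r of records) {
    if (r.sensitive) continue;
    const reasons = classifyValue(r.key, r.value);
    if (reasons.length > 0) findings.push({ key: r.key, target: r.target, reasons });
  }
  return findings;
}

// Constructed sample inventory; none of these values are real credentials.
const SAMPLE_ENV = [
  { key: "NEXT_PUBLIC_API_BASE", value: "https://api.example.com", target: "production", sensitive: false },
  { key: "NODE_ENV", value: "production", target: "production", sensitive: false },
  { key: "DATABASE_URL", value: "postgres://app:Sup3rS3cret@db.internal:5432/app", target: "production", sensitive: false },
  { key: "GITHUB_TOKEN", value: "ghp_1234567890abcdefghijklmnopqrstuvwxyz", target: "preview", sensitive: false },
  { key: "STRIPE_SIGNING_KEY", value: "whsec_placeholder", target: "production", sensitive: true },
  { key: "SESSION_SECRET", value: "changeme", target: "development", sensitive: false },
  { key: "ANALYTICS_ID", value: "UA-12345-6", target: "production", sensitive: false },
];

for (const f of auditEnvVars(SAMPLE_ENV)) {
  console.log(`[${f.target}] ${f.key}: ${f.reasons.join("; ")}`);
}
```

Running the block on the constructed sample reports DATABASE_URL (password embedded in a connection string), GITHUB_TOKEN (token pattern, key name and entropy) and SESSION_SECRET (key name only), while the variable already marked sensitive and the plain configuration values are left alone. In practice the findings are the list of variables to re-mark as sensitive or move out of the deployment environment entirely, in line with the advice to keep signing and secret authority separate from frontend deployment.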
The actor, who may be impersonating ShinyHunters, also claimed to have discussed a $2 million ransom demand with the company. Vercel did not immediately respond to a request to confirm those claims.