Vercel, the cloud infrastructure provider behind the Next.js framework, disclosed a security incident on April 19, 2026, involving unauthorized access to its internal systems. The breach was traced to an upstream compromise of Context.ai, a third-party AI platform used by a Vercel employee. According to a security bulletin and subsequent statements from Vercel CEO Guillermo Rauch, the attacker gained entry by compromising a Google Workspace OAuth application associated with Context.ai, which then allowed for the takeover of a Vercel employee’s corporate account. The specific indicator of compromise identified was OAuth Client ID 110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com.
The incident, which Vercel began investigating in the early hours of April 19, allowed the threat actor to move laterally from the compromised Google Workspace account into Vercel’s internal environments. Technical analysis revealed that the attacker was able to enumerate and read environment variables that were not marked as sensitive within the Vercel platform. Under Vercel’s current architecture, variables not flagged as sensitive are stored in a format readable by certain internal administrative tools, whereas sensitive variables remain encrypted at rest and were reportedly not accessed during this intrusion.
During the window of unauthorized access, the threat actor—identified in underground forums as ShinyHunters—claimed to have exfiltrated source code, database records, and internal API keys, including GitHub and NPM tokens. While Vercel has not confirmed the full extent of these claims, the company acknowledged that approximately 580 employee records, including names, email addresses, and activity timestamps, were compromised. Additionally, screenshots of internal dashboards, including the project management tool Linear, were circulated by the attacker as proof of access. The attacker reportedly attempted to sell the stolen data for two million dollars on underground forums.
Vercel has engaged the cybersecurity firm Mandiant to lead the forensic investigation and has notified law enforcement. In its official recommendations, Vercel advised customers to audit their project configurations and rotate any secrets or credentials stored as non-sensitive environment variables. The company emphasized that its core production infrastructure, global edge network, and major open-source projects—including Next.js and Turbopack—remain secure and were not impacted by the breach. Vercel is the primary steward of Next.js, which currently sees approximately six million weekly downloads.
CEO Guillermo Rauch characterized the attacking group as highly sophisticated and suggested the intrusion was significantly accelerated by AI, noting the speed at which the actors navigated Vercel’s internal infrastructure. Vercel has since published an indicator of compromise identifying the specific OAuth client ID used in the attack and is urging other organizations using Context.ai to review their Google Workspace logs for similar unauthorized activity. The company stated it is currently contacting a limited subset of customers directly impacted by the credential exposure, though it did not provide an exact count of affected enterprise accounts.
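The log review urged above can be scripted. The following is an added example, not code from Vercel or Context.ai: it scans an export of Google Workspace OAuth token audit events for the published client ID and reports which users still hold an unrevoked grant. The record layout (modelled on Admin SDK Reports API "token" activities), the helper names and the sample records are assumptions constructed for illustration.

```python
import json

# IoC published on this page: OAuth client ID tied to the Context.ai compromise.
IOC_CLIENT_ID = "110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com"

def _rec(time, email, event, client_id, scopes=None):
    """Build one constructed audit record (assumed Reports API 'token' shape)."""
    params = [{"name": "client_id", "value": client_id}]
    if scopes:
        params.append({"name": "scope", "multiValue": scopes})
    return {"id": {"time": time}, "actor": {"email": email},
            "events": [{"name": event, "parameters": params}]}

DRIVE_RO = "https://www.googleapis.com/auth/drive.readonly"
# Constructed sample export (not real logs), deliberately out of time order.
SAMPLE_EXPORT = json.dumps({"items": [
    _rec("2026-04-19T03:10:00Z", "dev2@example.com", "revoke", IOC_CLIENT_ID),
    _rec("2026-04-10T09:00:00Z", "dev1@example.com", "authorize", IOC_CLIENT_ID, [DRIVE_RO]),
    _rec("2026-04-12T14:30:00Z", "dev2@example.com", "authorize", IOC_CLIENT_ID, [DRIVE_RO]),
    _rec("2026-04-15T08:00:00Z", "dev3@example.com", "authorize",
         "000000000000-placeholder.apps.googleusercontent.com", [DRIVE_RO]),
]})

def _params(event):
    """Flatten the parameters list to a dict, keeping multi-valued fields as lists."""
    return {p.get("name"): p.get("multiValue") or p.get("value")
            for p in event.get("parameters", [])}

def find_ioc_grants(export_json, client_id=IOC_CLIENT_ID):
    """Return {user: {last_event, last_seen, scopes}} for events naming client_id."""
    users = {}
    items = json.loads(export_json).get("items", [])
    # Assumes uniformly formatted UTC timestamps, so string order is time order.
    for act in sorted(items, key=lambda a: a["id"]["time"]):
        for ev in act.get("events", []):
            p = _params(ev)
            if str(p.get("client_id", "")).strip().lower() != client_id:
                continue
            scopes = p.get("scope") or []
            scopes = [scopes] if isinstance(scopes, str) else scopes
            u = users.setdefault(act["actor"]["email"], {"scopes": set()})
            u["last_event"], u["last_seen"] = ev["name"], act["id"]["time"]
            u["scopes"].update(scopes)
    return users

def still_authorized(users):
    """Users whose most recent event for the app is anything other than a revoke."""
    return sorted(e for e, u in users.items() if u["last_event"] != "revoke")

if __name__ == "__main__":
    hits = find_ioc_grants(SAMPLE_EXPORT)
    print("users who ever granted the app:", sorted(hits))
    print("grants not yet revoked:", still_authorized(hits))
```

A user who appears in the first list but not the second still needs review: the grant was live between the authorize and revoke timestamps, so any data reachable through the recorded scopes during that window should be treated as exposed.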