Vercel, the cloud platform provider behind the Next.js framework, announced on April 23, 2026, that it has identified an additional set of customer accounts compromised in an ongoing security incident. The breach, which was initially linked to the compromise of a third-party AI tool called Context.ai, allowed unauthorized actors to access internal Vercel systems and enumerate non-sensitive environment variables. Vercel CEO Guillermo Rauch described the attacker as highly sophisticated and AI-accelerated. The company is currently working with Google-owned incident response firm Mandiant and law enforcement to investigate the full scope of the intrusion.

The technical root of the incident has been traced to a compromise of Context.ai’s AI Office Suite, a now-deprecated consumer product. According to security bulletins updated on April 23, a Vercel employee had signed up for the tool using their enterprise Google Workspace account and granted "Allow All" OAuth permissions. This connection allowed the attacker to perform a replay attack using a compromised OAuth token. Threat intelligence firm Hudson Rock reported that the initial point of infection occurred in February 2026, when a Context.ai employee was infected with Lumma Stealer malware after downloading game exploit scripts.

Once the attacker gained control of the Vercel employee’s Google Workspace account, they moved laterally into Vercel’s internal environment. The company stated that the intruder was able to decrypt and read environment variables that were not explicitly marked as sensitive. These variables typically include plaintext configuration data. However, Vercel emphasized that all data designated as sensitive remained encrypted at rest and showed no signs of unauthorized access. Furthermore, a collaborative audit with GitHub, Microsoft, npm, and Socket confirmed that no npm packages maintained by Vercel were tampered with or compromised during the event.

As of April 23, Vercel’s expanded review of network logs and environment variable read events led to the discovery of a small number of additional compromised accounts. The company also identified a separate group of accounts showing signs of compromise that predated the April incident, which Vercel attributed to independent factors such as social engineering or malware. All affected customers have been notified directly and advised to rotate their credentials immediately to mitigate further risk.

In response to the breach, Vercel has implemented several product-level security enhancements. These include defaulting all new environment variables to sensitive status and improving team-wide management controls for secrets. The company also published specific indicators of compromise, including the OAuth application ID 110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com, to assist other organizations in auditing their own Google Workspace environments. While a threat actor using the alias ShinyHunters claimed to be selling the stolen data for $2 million, security analysts have suggested the claim may be an attempt to inflate the incident's notoriety.
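The Workspace audit mentioned above can be sketched as follows. This is an added example, not code from Vercel or Google: it replays a token audit export and reports which users granted access to the published OAuth application ID and whether the grant is still active. The sample events are constructed, and the field names (`client_id`, `scope`, `authorize`, `revoke`) are assumed to follow the Admin SDK Reports API token audit format, so check them against a real export.

```python
import json

# OAuth client ID published by Vercel as an indicator of compromise (from the article).
IOC_CLIENT_ID = "110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com"

# Constructed sample shaped like Admin SDK Reports API token-audit output
# (activities.list, applicationName=token), newest first. Users, times, scopes invented.
SAMPLE = json.loads("""{"items": [
 {"id": {"time": "2026-04-20T08:30:00.000Z"}, "actor": {"email": "alice@example.com"},
  "events": [{"name": "revoke", "parameters": [{"name": "client_id", "value": "@IOC@"}]}]},
 {"id": {"time": "2026-04-02T14:05:00.000Z"}, "actor": {"email": "carol@example.com"},
  "events": [{"name": "authorize", "parameters": [
    {"name": "client_id", "value": "constructed-other-app.apps.googleusercontent.com"},
    {"name": "scope", "multiValue": ["openid"]}]}]},
 {"id": {"time": "2026-03-10T09:12:00.000Z"}, "actor": {"email": "bob@example.com"},
  "events": [{"name": "authorize", "parameters": [{"name": "client_id", "value": "@IOC@"},
    {"name": "scope", "multiValue": ["https://www.googleapis.com/auth/drive"]}]}]},
 {"id": {"time": "2026-03-02T10:00:00.000Z"}, "actor": {"email": "alice@example.com"},
  "events": [{"name": "authorize", "parameters": [{"name": "client_id", "value": "@IOC@"},
    {"name": "scope", "multiValue": ["https://mail.google.com/"]}]}]}
]}""".replace("@IOC@", IOC_CLIENT_ID))

def _params(event):
    """Flatten a Reports API parameter list into {name: value or list}."""
    return {p["name"]: p.get("multiValue") or p.get("value") for p in event.get("parameters", [])}

def audit_grants(report, client_id=IOC_CLIENT_ID):
    """Return {user: {"scopes", "active", "first_seen"}} for grants to client_id."""
    findings = {}
    # Replay oldest first so a later revoke overrides an earlier authorize.
    for item in sorted(report.get("items", []), key=lambda i: i["id"]["time"]):
        user, when = item["actor"]["email"], item["id"]["time"]
        for ev in item.get("events", []):
            p = _params(ev)
            if p.get("client_id") != client_id:
                continue
            rec = findings.setdefault(user, {"scopes": set(), "active": False, "first_seen": when})
            if ev["name"] == "authorize":
                scope = p.get("scope") or []
                rec["scopes"].update([scope] if isinstance(scope, str) else scope)
                rec["active"] = True
            elif ev["name"] == "revoke":
                rec["active"] = False  # grant withdrawn; earlier exposure still needs review
    return findings

def active_users(findings):
    """Users whose grant to the flagged app was never revoked in the log window."""
    return sorted(u for u, r in findings.items() if r["active"])

if __name__ == "__main__":
    print(audit_grants(SAMPLE), active_users(audit_grants(SAMPLE)))
```

A revoked grant still appears in the findings with its scopes and first-seen time, since the token was usable between the authorize and revoke events.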