On April 21, 2026, web infrastructure provider Vercel issued a comprehensive update regarding a security incident that resulted in unauthorized access to its internal systems. The breach was traced back to a compromise of Context.ai, a third-party artificial intelligence tool. According to Vercel’s official security bulletin, the attacker leveraged a compromised Google Workspace OAuth application from Context.ai to gain control of a Vercel employee’s enterprise account. The employee had signed up for Context.ai’s AI Office Suite and granted broad permissions, which allowed the threat actor to pivot into Vercel’s internal environment.
The investigation, conducted in collaboration with Google-owned Mandiant and other cybersecurity firms, revealed that the attacker accessed a subset of environment variables that were not designated as sensitive. In Vercel’s system architecture, variables not marked as sensitive are stored in a way that allows them to be decrypted into plaintext, whereas sensitive variables are encrypted at rest. Vercel confirmed that there is currently no evidence suggesting that sensitive environment variables, production database credentials, or customer encryption keys were accessed. However, a limited subset of customers was notified that their non-sensitive credentials may have been exposed and was advised to perform an immediate rotation.
The root cause of the incident was linked to a prior security failure at Context.ai. In March 2026, a Context.ai employee was reportedly infected with Lumma Stealer malware, leading to the theft of OAuth tokens. These tokens were subsequently used to exploit the trust relationship between Context.ai and Vercel’s Google Workspace. Vercel’s internal OAuth configurations allowed the permissions granted by a single employee to provide a gateway for the attacker. Context.ai has since shut down the affected AWS environment and engaged CrowdStrike to validate its containment efforts.
Despite claims on BreachForums by a threat actor using the name ShinyHunters—who purported to have a Vercel database for sale for 2 million dollars—Vercel maintains that its core services remained fully operational throughout the event. The company collaborated with Microsoft, GitHub, and npm to verify that no software supply chains, including the Next.js framework, were compromised. Security analysts from Hudson Rock and OX Security noted that the attacker demonstrated a high degree of sophistication and a detailed understanding of Vercel’s internal systems, including the enumeration of environment variables to expand access.
In response to the breach, Vercel has implemented several security enhancements to its platform. The company now defaults all new environment variables to the sensitive setting and has introduced enhanced team-wide management controls. Vercel also emphasized the importance of hardware-based multi-factor authentication to mitigate the risks of OAuth-based supply chain attacks. The company stated it is continuing to work with law enforcement and industry peers to investigate the full scope of the exfiltrated data, which allegedly included 580 employee records.
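The rotation advice and the sensitive-by-default change described above both come down to knowing which credential-like variables are not marked sensitive. The following sketch is an added example, not Vercel's tooling or code from its bulletin; the inventory format, its field names (`project`, `key`, `type`, `target`) and the name heuristics are assumptions constructed for illustration.

```python
import re

# Constructed sample inventory. The record layout is an assumption for this
# example, not a documented export format.
SAMPLE_INVENTORY = [
    {"project": "storefront", "key": "DATABASE_URL", "type": "sensitive", "target": ["production"]},
    {"project": "storefront", "key": "PAYMENTS_SECRET_KEY", "type": "plain", "target": ["production", "preview"]},
    {"project": "storefront", "key": "NEXT_PUBLIC_SITE_NAME", "type": "plain", "target": ["production"]},
    {"project": "docs", "key": "SEARCH_API_TOKEN", "type": "encrypted", "target": ["preview"]},
    {"project": "docs", "key": "LOG_LEVEL", "type": "plain", "target": ["development"]},
]

# Name fragments that usually indicate a credential (heuristic, assumed here).
CREDENTIAL_HINT = re.compile(
    r"(SECRET|TOKEN|PASSWORD|PASSWD|API_?KEY|PRIVATE|CREDENTIAL|_URL$|_DSN$)", re.I
)
# Lower rank means the variable reaches a more exposed deployment target.
TARGET_RANK = {"production": 0, "preview": 1, "development": 2}


def rotation_queue(inventory):
    """Return (project, key) pairs to rotate first: credential-like variables
    that are not marked sensitive, ordered by most exposed target."""
    queue = []
    for var in inventory:
        if var["type"] == "sensitive":
            # Per the article, no evidence that sensitive variables were accessed.
            continue
        if not CREDENTIAL_HINT.search(var["key"]):
            continue  # configuration value, not a credential by name
        rank = min((TARGET_RANK.get(t, 3) for t in var["target"]), default=3)
        queue.append((rank, var["project"], var["key"]))
    return [(project, key) for _, project, key in sorted(queue)]


if __name__ == "__main__":
    for project, key in rotation_queue(SAMPLE_INVENTORY):
        print(f"rotate and re-create as sensitive: {project}/{key}")
```

Name matching is only a first pass: a variable with an innocuous name can still hold a secret, so anything left off the queue deserves a manual look.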