Vercel, the cloud infrastructure and deployment platform, officially disclosed a significant security breach on April 20, 2026, originating from a compromised third-party AI tool. The incident, which was first identified on April 19, allowed unauthorized actors to gain access to internal systems and a limited subset of customer credentials. According to a security bulletin released by Vercel, the breach was facilitated by the compromise of an employee account at Context.ai, a provider of AI-driven workspace tools.

The attack chain began in February 2026 when a Context.ai employee’s workstation was infected with Lumma Stealer malware. This initial infection occurred after the employee downloaded game exploits for Roblox, which served as a delivery mechanism for the infostealer. The malware allowed threat actors to exfiltrate OAuth tokens, including one belonging to a Vercel employee who had signed up for Context.ai’s AI Office Suite using their Vercel enterprise Google Workspace account. Because the employee had granted Allow All permissions to the third-party application, the attacker was able to bypass traditional perimeter defenses and take over the employee’s Vercel-linked Google account.

Once inside Vercel’s internal environment, the attacker accessed environment variables that were not marked as sensitive. Vercel confirmed that while sensitive variables are encrypted at rest, non-sensitive variables were stored in plaintext, allowing the attacker to enumerate and exfiltrate them. The company stated that a limited subset of customers had their credentials exposed through this method. Vercel has directly contacted all affected users, advising them to rotate their credentials and environment variables immediately.

Technical analysis provided by Vercel and cybersecurity firm Hudson Rock identified the specific malicious OAuth application ID as 110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com and the associated Chrome extension as omddlmnhcofjbnbflmjginpjjblphbgk. While the specific escalation via Context.ai occurred in early 2026, some reports suggest related intrusion activity may date back to June 2024. Vercel described the threat actor as highly sophisticated, citing their operational velocity and deep understanding of Vercel’s internal architecture. A threat actor operating under the ShinyHunters persona has claimed responsibility for the breach, allegedly offering the stolen data for sale on BreachForums for 2 million dollars.
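
A defender can use the OAuth application ID above to check which workspace users granted access to the app and which third-party grants carry broad scopes. The following is an added example, not code from Vercel or Hudson Rock: the flat event format, the sample records, the second client ID and the list of "broad" scopes are all assumptions constructed for illustration.

```python
# Indicator taken from this page: the malicious OAuth application (client) ID.
FLAGGED_CLIENT_ID = "110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com"
# Constructed placeholder for an unrelated third-party app.
OTHER_CLIENT_ID = "000000000000-constructed.apps.googleusercontent.com"
# Assumption: scopes this triage treats as broad; adjust to local policy.
MAIL, DRIVE = "https://mail.google.com/", "https://www.googleapis.com/auth/drive"
BROAD_SCOPES = {MAIL, DRIVE}

# Constructed sample export (not real logs); the flat field names are hypothetical.
SAMPLE_EVENTS = [
    {"time": "2026-02-10T09:00:00Z", "actor": "alice@example.com", "event": "authorize",
     "client_id": FLAGGED_CLIENT_ID, "scopes": [MAIL, DRIVE]},
    {"time": "2026-02-11T10:00:00Z", "actor": "bob@example.com", "event": "authorize",
     "client_id": FLAGGED_CLIENT_ID, "scopes": ["openid"]},
    {"time": "2026-02-12T08:30:00Z", "actor": "bob@example.com", "event": "revoke",
     "client_id": FLAGGED_CLIENT_ID, "scopes": []},
    {"time": "2026-03-01T12:00:00Z", "actor": "carol@example.com", "event": "authorize",
     "client_id": OTHER_CLIENT_ID, "scopes": [DRIVE]},
    {"time": "2026-03-02T12:00:00Z", "actor": "dave@example.com", "event": "authorize",
     "client_id": OTHER_CLIENT_ID, "scopes": ["openid"]},
]

def triage_grants(events):
    """Replay authorize/revoke events in time order. Report every grant to the
    flagged client (even if later revoked) and every active broad-scope grant."""
    grants = {}  # (actor, client_id) -> {"scopes": set, "active": bool}
    for ev in sorted(events, key=lambda e: e["time"]):
        key = (ev["actor"], ev["client_id"])
        grant = grants.setdefault(key, {"scopes": set(), "active": False})
        if ev["event"] == "authorize":
            grant["scopes"].update(ev["scopes"])
            grant["active"] = True
        elif ev["event"] == "revoke":
            grant["active"] = False
    findings = []
    for (actor, client_id), grant in sorted(grants.items()):
        reasons = []
        if client_id == FLAGGED_CLIENT_ID:
            reasons.append("flagged_client_id")  # past exposure still matters
        broad = sorted(grant["scopes"] & BROAD_SCOPES)
        if broad and grant["active"]:
            reasons.append("broad_scopes")
        if reasons:
            findings.append({"actor": actor, "client_id": client_id, "active": grant["active"],
                             "reasons": reasons, "broad_scopes": broad})
    return findings

if __name__ == "__main__":
    for finding in triage_grants(SAMPLE_EVENTS):
        print(finding)
```

A revoked grant to the flagged application is still listed, because tokens issued before the revocation may already have been used.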

In response to the incident, Vercel has engaged Google-owned Mandiant and other cybersecurity firms to conduct a full forensic investigation. The company also collaborated with GitHub, Microsoft, and npm to verify the integrity of its open-source packages. As of April 20, Vercel confirmed that no npm packages, including Next.js, have been tampered with. The company is currently auditing its internal OAuth configurations to prevent similar over-privileged access in the future and has introduced a new dashboard UI to improve the visibility of environment variable security settings.