RSS
← All articles
breach
2026-04-19

Vercel confirms breach - attackers got in through Context.ai AI tool's Google Workspace OAuth, stole customer environment variables

Cloud development platform Vercel disclosed a security incident on April 19 after a threat actor claiming to be ShinyHunters posted stolen data for sale on a hacking forum. Vercel CEO Guillermo Rauch confirmed the initial access came through a breach at Context.ai, an enterprise AI platform one Vercel employee had signed up for using their Vercel enterprise account with 'Allow All' OAuth permissions. Attackers compromised Context.ai, stole the OAuth token, took over the employee's Google Workspace account, and pivoted into Vercel environments. Once inside, they accessed environment variables not marked as 'sensitive' - these are stored unencrypted at rest, unlike sensitive env vars which Vercel encrypts. The attacker posted 580 employee records (names, emails, account status, activity timestamps) as a teaser, plus screenshots of an internal Vercel Enterprise dashboard. They claim to also have access keys, source code, database data, and API keys, though Vercel characterizes impact as a 'limited subset' of customers. Mandiant is engaged. This is the cleanest real-world example to date of the AI supply chain risk pattern everyone has been warning about: a third-party AI tool with broad OAuth scopes becomes the initial access vector into your primary infrastructure.

vercelcontext-aishinyhuntersoauthgoogle-workspacesupply-chainai-supply-chainbreach
Check
If you deploy apps on Vercel, rotate all environment variables immediately - especially any not marked 'sensitive'. Also audit every third-party AI/SaaS tool that has OAuth access to your Google Workspace or similar identity provider.
Affected
Any Vercel customer with environment variables not marked 'sensitive'. Vercel has directly contacted a 'limited subset' of customers whose credentials were compromised. If you weren't contacted, Vercel says it has no evidence of your data being accessed at this time. Separately: any organization using Context.ai with Google Workspace OAuth granted 'Allow All' permissions.
Fix
Rotate every Vercel environment variable and redeploy applications to pick up the new values. Mark any secret as 'sensitive' in Vercel's dashboard going forward - this encrypts at rest. In Google Workspace Admin, search for and revoke OAuth App ID 110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com. Review Google Workspace audit logs between April 1-19 for unusual OAuth grants or token access. Audit every third-party tool connected to your Google Workspace - specifically those granted broad OAuth scopes - and remove any your team isn't actively using.
Related Articles
threatGemStuffer campaign turned RubyGems into a clandestine data drop - 150+ malicious gems hid scraped UK council portal pages inside Ruby packages
vulnerabilityOne unpatched Quest KACE box at a Boston MSP exposed 60+ named client organizations - law enforcement, schools, healthcare, and government on one MariaDB dump (CVE-2025-32975)
breachBWH Hotels (Best Western's parent) had attackers in its reservation system for over six months - guests' contact details and stay records exposed across Best Western, WorldHotels, and SureStay brands