Key Findings Vercel suffered a breach stemming from the compromise of Context.ai, a third-party AI tool used by an employee Attackers used the compromised account to access internal Vercel systems and non-sensitive environment variables Sensitive environment variables stored in encrypted format show no evidence of unauthorized access A limited subset of customers had credentials compromised and have been notified Threat actor ShinyHunters claimed responsibility and is alleged
