Vercel Breach Linked to Context AI Hack Exposes Limited Customer Credentials
- Apr 20
Key Findings
- Vercel suffered a breach stemming from the compromise of Context.ai, a third-party AI tool used by an employee
- Attackers used the compromised account to access internal Vercel systems and non-sensitive environment variables
- Sensitive environment variables stored in encrypted format show no evidence of unauthorized access
- A limited subset of customers had credentials compromised and have been notified
- Threat actor ShinyHunters claimed responsibility and is allegedly selling stolen data for $2 million
- Vercel is working with Mandiant, law enforcement, and Context.ai to investigate the full scope
Background
Vercel, a major web infrastructure provider, disclosed a security breach that allowed attackers to gain unauthorized access to certain internal systems. The incident didn't originate from a direct attack on Vercel itself but rather through a supply chain vulnerability. An employee at the company used Context.ai, a third-party artificial intelligence tool, which was itself compromised. This gave the attacker an entry point into Vercel's environment.
Attack Chain and Access
The attacker leveraged the compromised Context.ai access to take over an employee's Vercel Google Workspace account. From there, they gained access to some Vercel environments and environment variables. The company emphasized that attackers only accessed variables that were not marked as "sensitive." Vercel's architecture includes encryption protections for sensitive environment variables, preventing them from being read even if accessed by an unauthorized party. The company has found no evidence that these encrypted values were compromised.
Threat Actor Assessment
Vercel characterized the threat actor behind the incident as "sophisticated," citing their rapid operational velocity and detailed understanding of Vercel's internal systems. This suggests the attacker had either prior knowledge of Vercel's infrastructure or quickly developed it during the intrusion. A persona using the name ShinyHunters has claimed responsibility for the hack and is attempting to sell the stolen data for $2 million.
Customer Impact
A limited subset of Vercel customers had their credentials compromised. The company has directly notified affected customers and urged them to rotate their credentials immediately. Vercel is still investigating what data was exfiltrated and plans to contact customers with additional information if further evidence of compromise emerges. The company has also identified a suspicious OAuth application that administrators should watch for: 110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com
Recommended Mitigations
Vercel has advised customers and Google Workspace administrators to take several defensive steps. These include reviewing activity logs for suspicious activity, auditing and rotating environment variables containing secrets that aren't marked as sensitive, and ensuring sensitive environment variables are properly configured for protection. Customers should also investigate recent deployments for anything unexpected, ensure Deployment Protection is set to at least Standard level, and rotate any Deployment Protection tokens in use.
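For the log-review step, the following added example (not from Vercel or the cited sources) scans an export of Google Workspace OAuth token audit events for the client ID named above and reports which users still hold a grant. The JSON shape (`items`, `actor.email`, `events[].parameters` with `client_id` and `scope`, event names `authorize` and `revoke`) is assumed to follow the Admin SDK Reports API token activity format; the sample records are constructed.

```python
import json

# OAuth client ID published in the advisory quoted in this article.
SUSPICIOUS_CLIENT_ID = (
    "110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com"
)

def _act(time, user, event, client_id, scopes):
    """Build one constructed record in the assumed Reports API activity shape."""
    return {"id": {"time": time, "applicationName": "token"},
            "actor": {"email": user},
            "events": [{"name": event, "parameters": [
                {"name": "client_id", "value": client_id},
                {"name": "scope", "multiValue": scopes}]}]}

# Constructed sample export (not real log data); users and scopes are made up.
SAMPLE_EXPORT = json.dumps({"items": [
    _act("2026-04-18T09:02:11Z", "bob@example.com", "authorize",
         SUSPICIOUS_CLIENT_ID, ["openid", "email"]),
    _act("2026-04-17T14:30:00Z", "alice@example.com", "authorize",
         SUSPICIOUS_CLIENT_ID, ["openid"]),
    _act("2026-04-19T08:00:00Z", "alice@example.com", "revoke",
         SUSPICIOUS_CLIENT_ID, []),
    _act("2026-04-18T10:00:00Z", "carol@example.com", "authorize",
         "000000000000-constructed.apps.googleusercontent.com", ["openid"]),
]})

def find_token_events(export_json, client_id=SUSPICIOUS_CLIENT_ID):
    """Return token events for client_id, oldest first."""
    hits = []
    for activity in json.loads(export_json).get("items", []):
        for event in activity.get("events", []):
            params = {p.get("name"): p.get("value", p.get("multiValue"))
                      for p in event.get("parameters", [])}
            if str(params.get("client_id", "")).strip().lower() != client_id.lower():
                continue
            hits.append({"time": activity.get("id", {}).get("time", ""),
                         "user": activity.get("actor", {}).get("email", "unknown"),
                         "event": event.get("name", ""),
                         "scopes": params.get("scope") or []})
    return sorted(hits, key=lambda h: h["time"])

def users_with_active_grant(hits):
    """Users whose most recent event for the client is not a revoke."""
    latest = {}
    for h in hits:  # hits are sorted oldest first, so the last write wins
        latest[h["user"]] = h["event"]
    return sorted(u for u, e in latest.items() if e != "revoke")
```

Any user returned by `users_with_active_grant` is a candidate for grant revocation and session and credential review; an empty result on a short log window does not rule out an earlier grant.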
Response and Future Changes
Vercel is partnering with Google-owned Mandiant and other cybersecurity firms while coordinating with law enforcement and Context.ai. CEO Guillermo Rauch stated on X that the company has deployed extensive protection measures and monitoring. He also emphasized that Next.js, Turbopack, and Vercel's open source projects remain safe. In response to the incident, Vercel has already rolled out new dashboard capabilities including an overview page for environment variables and an improved interface for creating and managing sensitive environment variables.
Sources
https://thehackernews.com/2026/04/vercel-breach-tied-to-context-ai-hack.html
https://x.com/TheHackersNews/status/2046071831720046821
https://www.reddit.com/r/SecOpsDaily/comments/1sqfpmj/vercel_breach_tied_to_context_ai_hack_exposes/
