Vercel Confirms Context.ai Breach After Unauthorized Access to Internal Systems
Key Takeaways
- A compromise of Context.ai enabled an attacker to access a Vercel employee's Google Workspace account and internal systems.
- Customer API keys and credentials potentially exposed, prompting urgent rotation across affected projects.
- Vercel published a security bulletin attributing the breach to Context.ai.
Vercel breach traced to Context.ai
Vercel, the company behind the widely used Next.js web development framework, confirmed that it suffered a security incident involving unauthorized access to certain internal systems.
“Update 4/19/26: Added additional information from Vercel that was disclosed after publishing”
Multiple outlets tied the intrusion to a third-party AI tool called Context.ai, describing it as the entry point into Vercel’s internal environments.

TechCrunch reported that “The breach originated from another software maker, Context AI,” and said “One of Vercel’s employees downloaded an app made by Context AI and connected it to their corporate account, which is hosted by Google.”
The Register similarly said Vercel “blamed an outfit called Context.ai,” adding that the attacker “used that access to take over the employee's Vercel Google Workspace account.”
In bulletin language quoted by BleepingComputer, Vercel warned: “We've identified a security incident that involved unauthorized access to certain internal Vercel systems,” and said it was “actively investigating” while engaging incident response experts and notifying law enforcement.
CoinDesk added that Vercel traced the intrusion to a “compromised Google Workspace connection via third-party AI tool Context.ai,” and said the incident may have exposed credentials used by app frontends.
The breach also triggered immediate remediation steps: TechCrunch said Vercel “advised customers to rotate any keys and credentials in their app deployments that are marked as ‘non-sensitive,’” while The Times of India reported Vercel recommended “an immediate rotation of credentials” to customers in a “limited subset.”
How access expanded
Across the reporting, the mechanism of compromise centered on OAuth access granted through the employee’s Google Workspace account.
TechCrunch said the hackers used that connection “(known as OAuth) to take over the Vercel employee’s Google account and gain access to some of Vercel’s internal systems, including credentials that were not encrypted.”

CoinDesk described the same chain as “a compromised Google Workspace connection via third-party AI tool Context.ai,” and said the hacker was able to “grab behind-the-scenes settings that weren't locked down,” potentially exposing API keys.
Tom’s Hardware added a specific detail about the OAuth permission scope, stating that Context.ai explained an employee granted “Allow All” OAuth permissions and that “Vercel’s internal OAuth configurations appear to have allowed this action to grant these broad permissions in Vercel’s enterprise Google Workspace.”
The Register likewise quoted Context.ai’s bulletin framing, saying the employee “signed up for the AI Office Suite using their Vercel enterprise account and granted ‘Allow All’ permissions.”
Vercel’s own position, as quoted by multiple outlets, distinguished between “sensitive” and “non-sensitive” environment variables, with the company asserting that sensitive values were protected.
Yet BleepingComputer also reported that the attacker gained further access after enumerating variables, quoting Rauch: “We do have a capability, however, to designate environment variables as 'non-sensitive.' Unfortunately, the attacker got further access through their enumeration.”
Ransom claims and stolen data
Alongside Vercel’s technical explanation, outlets described claims by a threat actor offering data for sale and demanding payment.
CoinDesk reported that a post on cybercrime forum BreachForums claimed to be selling Vercel data for $2 million, “including access keys and source code,” while noting the claims had not been independently verified.
TechCrunch said hackers claimed to have stolen “sensitive customer credentials from Vercel’s systems and are selling the data online,” and described a threat actor selling access to customer API keys, source code, and database data.
TechRadar similarly said the dark web actor was “selling alleged Vercel source code and 580 employee records for $2M,” and quoted a forum advertisement: “Greetings all. Today I am selling Access Key/Source Code/Database from Vercel,” while stating the actor asked for $2 million “in exchange for deleting and not leaking the stolen files.”
SecurityWeek reported that a hacker using the online moniker ShinyHunters announced on BreachForums on April 19 the sale of “Vercel databases, access keys, employee accounts, and source code,” offering it for $2 million.
BleepingComputer described the forum post as claiming access keys, source code, and database data “allegedly stolen from Vercel,” and said the actor shared a text file containing “580 data records containing names, Vercel email addresses, account status, and activity timestamps.”
Vercel’s response, as characterized by TechCrunch and The Times of India, emphasized that it had not received ransom communications and that it was contacting affected customers.
Context.ai’s prior incident and escalation
Several reports connected the Vercel compromise to earlier Context.ai security activity and to a broader supply-chain escalation narrative.
TechCrunch said Context AI “confirmed on its website that it had a breach in March involving its Context AI Office Suite consumer app,” and that it “likely compromised OAuth tokens for some of our consumer users.”

The Register and Tom’s Hardware both described Context.ai’s March AWS incident, with The Register stating Context.ai “hired CrowdStrike to conduct an investigation, and closed its AWS rig.”
Tom’s Hardware added that “Cybersecurity firm Hudson Rock claims to have traced Context.ai's own compromise back further to an employee infected by Lumma Stealer malware after downloading Roblox game exploit scripts in February.”
CoinDesk similarly said the intrusion was traced to Context.ai and described the broader pattern of crypto infrastructure attacks occurring around the same weekend, including a $292 million exploit of Kelp DAO’s rsETH token and a $285 million Drift attack.
In the Vercel-specific chain, Tom’s Hardware reported that Vercel engaged “Google-owned incident response firm Mandiant,” notified law enforcement, and contacted a “limited subset of affected customers directly.”
BleepingComputer also included a concrete mitigation instruction for administrators: it advised checking an OAuth App identifier, “OAuth App: 110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com.”
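The check described above can be run against an export of Workspace OAuth token activity. The following is an added example, not code from the article, Vercel or Google. It assumes a JSON export laid out like the Admin SDK Reports API token activity log (`authorize`/`revoke` events carrying `client_id` and `scope` parameters), and the users, timestamps and second client ID in the sample are constructed.

```python
import json

# OAuth client ID quoted in the article.
FLAGGED_CLIENT_ID = "110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com"
# Scopes this example treats as broad (assumption; adjust to local policy).
BROAD_SCOPES = {"https://mail.google.com/", "https://www.googleapis.com/auth/drive"}

def _event(user, time, name, client_id, scopes):
    """Build one constructed log item in the assumed token-activity layout."""
    return {"id": {"time": time}, "actor": {"email": user},
            "events": [{"name": name, "parameters": [
                {"name": "client_id", "value": client_id},
                {"name": "scope", "multiValue": scopes}]}]}

# Constructed sample data: users, times and the second client ID are invented.
SAMPLE_EXPORT = json.dumps({"items": [
    _event("bob@example.com", "2026-03-02T10:00:00Z", "revoke", FLAGGED_CLIENT_ID, []),
    _event("alice@example.com", "2026-03-01T09:00:00Z", "authorize", FLAGGED_CLIENT_ID,
           ["https://mail.google.com/", "https://www.googleapis.com/auth/drive"]),
    _event("bob@example.com", "2026-03-01T09:30:00Z", "authorize", FLAGGED_CLIENT_ID,
           ["openid", "email"]),
    _event("carol@example.com", "2026-03-01T11:00:00Z", "authorize",
           "000000000000-example.apps.googleusercontent.com", ["https://mail.google.com/"]),
]})

def find_grants(export_json, client_id=FLAGGED_CLIENT_ID):
    """Return {user: finding} for every user who authorized client_id."""
    items = sorted(json.loads(export_json).get("items", []),
                   key=lambda i: i["id"]["time"])  # oldest first
    grants = {}
    for item in items:
        user = item["actor"]["email"]
        for ev in item.get("events", []):
            params = {p["name"]: p.get("multiValue", p.get("value"))
                      for p in ev.get("parameters", [])}
            if params.get("client_id") != client_id:
                continue
            if ev["name"] == "authorize":
                scopes = params.get("scope") or []
                grants[user] = {"granted_at": item["id"]["time"], "revoked": False,
                                "broad_scopes": sorted(BROAD_SCOPES & set(scopes))}
            elif ev["name"] == "revoke" and user in grants:
                grants[user]["revoked"] = True  # a later revoke closes the grant
    return grants

if __name__ == "__main__":
    for user, finding in find_grants(SAMPLE_EXPORT).items():
        print(user, finding)
```

Any user reported with `revoked` false still holds a live grant to the flagged app, and a non-empty `broad_scopes` list marks the accounts to prioritise for token revocation and credential review.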
What happens next for customers
The reporting converged on a set of immediate customer actions centered on environment variables, credential rotation, and log review, while Vercel continued to investigate whether any data was exfiltrated.
“Hack at Vercel sends crypto developers scrambling to lock down API keys. Breach tied to compromised AI tool may have exposed credentials used by app frontends, the user-facing layer that connects web3 wallets and trading interfaces to backend services”
TechCrunch said Vercel “has contacted customers whose app data and keys were compromised,” and quoted CEO Guillermo Rauch advising customers to rotate keys and credentials in deployments marked “non-sensitive.”

The Times of India reported Vercel told customers to review activity logs and rotate environment variables, stating that “If you have not been contacted, we do not have reason to believe that your Vercel credentials or personal data have been compromised at this time.”
TechRadar described Vercel’s security bulletin as recommending an immediate rotation of credentials and said Vercel had “deployed extensive protection measures and monitoring” while investigating “whether and what data was exfiltrated.”
BleepingComputer added that Vercel advised customers to “review environment variables, use its sensitive environment variable feature, and to rotate secrets if needed,” and it quoted Rauch explaining the role of “non-sensitive” variables and that sensitive values were encrypted at rest.
Tom’s Hardware reported that Vercel instructed customers to “audit activity logs, rotate any API keys, tokens, or database credentials stored in non-sensitive environment variables, and review recent deployments for anything unexpected.”
Finally, Vercel rolled out product changes, with Tom’s Hardware saying it “rolled out new dashboard features, including an overview page for environment variables and an improved interface for managing sensitive variable settings,” and CoinDesk noting Vercel is the “primary steward of Next.js.”