Web infrastructure company Vercel has disclosed a security breach that allowed attackers to gain unauthorised access to certain internal systems after a third-party artificial intelligence tool used by an employee was compromised.

The incident began with Context.ai, which was connected to the employee’s Google Workspace account. According to the company, the attacker used that access to move further into Vercel’s internal environment. “The attacker used that access to take over the employee’s Vercel Google Workspace account, which enabled them to gain access to some Vercel environments and environment variables that were not marked as ‘sensitive,’” the company said in a bulletin.

Environment variables often contain data like API keys, tokens, and credentials used by applications. Vercel noted that variables marked as sensitive are protected differently.

“Environment variables marked as ‘sensitive’ in Vercel are stored in a manner that prevents them from being read, and we currently do not have evidence that those values were accessed,” the company said. While the company has not yet disclosed the full scope of the breach, it described the threat actor as “highly sophisticated.”

“We assess the attacker as highly sophisticated based on their operational velocity and detailed understanding of Vercel’s systems,” the company added. To investigate the incident, Vercel has brought in incident response experts from Mandiant, along with other cybersecurity firms and law enforcement.

“We are actively investigating, and we have engaged incident response experts to help investigate and remediate,” the company said in a statement. So far, the company says a “limited subset” of customers had credentials exposed. Those affected have already been contacted and advised to rotate their credentials immediately.

A Breach that Started Outside the Company

One of the more striking parts of the incident is where it started. Instead of exploiting a vulnerability directly inside Vercel’s infrastructure, the attacker entered through a third-party AI tool connected to an employee account. Once inside, access expanded into internal systems and configuration environments.

Investigators believe the compromise may be part of a wider issue involving the tool’s Google Workspace OAuth application.

“Our investigation has revealed that the incident originated from a small, third-party AI tool whose Google Workspace OAuth app was the subject of a broader compromise,” Vercel said.

The company has since published the suspected indicator of compromise to help other organisations check their own environments.

Meanwhile, a hacker using the ShinyHunters identity has claimed responsibility for the breach and reportedly attempted to sell the stolen data for $2 million. Vercel CEO Guillermo Rauch said the company has taken additional steps to strengthen security.

“We’ve deployed extensive protection measures and monitoring,” Rauch wrote on X. “We’ve analysed our supply chain, ensuring Next.js, Turbopack, and our many open-source projects remain safe for our community.” He added that the company has already introduced new security features in response to the incident.

“In response to this, and to aid in the improvement of all of our customers’ security postures, we’ve already rolled out new capabilities in the dashboard, including an overview page of environment variables and a better user interface for sensitive environment variable creation and management.”

How to Stay Safe: The Developer’s Checklist

For developers and organisations using Vercel, security teams recommend reviewing activity logs for suspicious behaviour, especially unexpected deployments or login activity.

Secrets such as API keys, tokens, and database credentials should be rotated immediately if they were stored in environment variables that were not marked as sensitive. Users are also advised to review recent deployments, remove anything unfamiliar, and ensure deployment protection settings are enabled.

Finally, teams should start storing secrets as sensitive environment variables so that they remain encrypted and unreadable even if internal systems are accessed. The investigation is ongoing, and Vercel says it will notify customers if additional evidence of compromise emerges.

Claude Mythos Preview Raises Regulatory Concerns Over Vulnerability Exploitation Capability
Researchers say it can autonomously combine multiple weaknesses to penetrate complex systems, raising concerns it could be used to target financial institutions and critical infrastructure.
TechloyOgbonda Chivumnovu