Cloud app hosting giant Vercel has confirmed that hackers breached its internal systems and stole customer data, including API keys, source code, and database credentials. The breach originated not from Vercel's own infrastructure but from a third-party AI tool called Context AI, marking yet another supply chain attack in an industry increasingly vulnerable to them.
How the Breach Happened
The attack followed a disturbingly simple path. A Vercel employee downloaded a consumer app made by Context AI and connected it to their corporate Google account using OAuth, a common authentication protocol. Hackers who had already compromised Context AI's systems used that OAuth connection to take over the employee's Google account and gain access to Vercel's internal systems, including credentials that were not encrypted.
Context AI, which builds evaluations and analytics for AI models, confirmed on its website that it experienced a breach in March involving its consumer app. The app allows users to automate actions and workflows across multiple third-party applications. Context AI said the hackers likely compromised OAuth tokens for some of its consumer users.
The breach raises an uncomfortable question: how many other companies have employees connecting AI tools to their corporate accounts without realizing the security implications?
What Was Stolen
The scale of the data theft is still being determined. A threat actor claiming to represent the ShinyHunters hacking group posted a listing on a cybercriminal forum offering access to customer API keys, source code, and database data stolen from Vercel. However, the actual ShinyHunters group told cybersecurity outlet Bleeping Computer that they are not involved in this incident.
Vercel CEO Guillermo Rauch advised customers to immediately rotate any keys and credentials in their app deployments marked as non-sensitive. The company said it has contacted customers whose app data and keys were compromised.
Vercel confirmed the breach may affect hundreds of users across many organizations and warned of potential downstream breaches spanning the broader tech industry.
Vercel's Next.js Is Safe
One important clarification: Vercel said its open-source projects Next.js and Turbopack were not affected by the breach. Both projects are widely used by web and app developers worldwide, and a compromise of either would have had far-reaching consequences across the internet.
A Growing Pattern of Supply Chain Attacks
The Vercel breach is the latest in a string of supply chain attacks targeting software developers and the tools they rely on. Earlier this month, OpenAI issued a security alert after third-party developer tool Axios was compromised, exposing macOS app-signing workflows and forcing the company to revoke certificates for multiple applications.
The pattern is consistent: hackers are no longer targeting companies directly. Instead, they compromise widely used third-party tools, knowing that a single breach can cascade across hundreds or thousands of downstream organizations. By attacking the tools that developers trust, hackers gain access to credentials, source code, and infrastructure at a scale that direct attacks cannot match.
For Vercel specifically, the breach is particularly significant given the company's position in the AI-driven development ecosystem. With 30 percent of apps on its platform now built by AI agents and revenue exceeding $340 million, Vercel hosts critical infrastructure for thousands of companies. A breach of its systems affects not just Vercel but everyone who deploys on its platform.
Context AI's Delayed Disclosure
Questions are also emerging about Context AI's handling of the breach. The company said it notified one customer when it first discovered the incident in March, but based on Vercel's disclosure, now believes the breach is likely broader than initially thought. It remains unclear why Context AI did not disclose the breach publicly at the time, or whether it received any ransom demands from the attackers.
The delayed disclosure highlights a recurring problem in cybersecurity: companies that discover breaches often downplay or delay disclosure, leaving downstream victims unaware that their data may be compromised.
What Customers Should Do Now
Vercel's guidance is straightforward: rotate all keys and credentials immediately. Any API keys, database credentials, or authentication tokens stored in Vercel deployments should be treated as potentially compromised. Customers should also review their OAuth connections to third-party applications and revoke any that are not strictly necessary.
The broader lesson is equally clear: as AI tools proliferate across development workflows, every new integration is a potential attack surface. The convenience of connecting an AI analytics tool to a corporate account must be weighed against the security risk of giving that tool, and anyone who compromises it, access to critical infrastructure.
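The OAuth review recommended above can be done systematically rather than by eyeballing each employee's "Apps with access to your account" page. The following is an added example, not Vercel's or Context AI's code: it takes grant records shaped like the Google Admin SDK Directory API `tokens.list` response (fields `clientId`, `displayText`, `scopes`, `nativeApp`) and flags third-party apps that are not on an allowlist and hold broad mail, Drive, directory or cloud scopes, which are exactly the grants an attacker holding a stolen token can abuse. The sample records, the allowlist and the `SENSITIVE_SCOPE_MARKERS` list are constructed for the example; the `fetch_grants_live` and `revoke_grant` helpers show where a real `googleapiclient` Directory service would plug in and are not executed here.

```python
"""Audit Google Workspace OAuth grants and flag third-party apps for review.

Added example, not code from Vercel or Context AI. Records mimic the shape of
the Admin SDK Directory API tokens.list response; sample data is constructed.
"""
from dataclasses import dataclass, field

# Scope prefixes that give an app broad access to mail, files, the directory
# or cloud resources. Constructed list for this example; tune for your tenant.
SENSITIVE_SCOPE_MARKERS = (
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail",
    "https://www.googleapis.com/auth/drive",
    "https://www.googleapis.com/auth/admin.directory",
    "https://www.googleapis.com/auth/cloud-platform",
)


@dataclass
class Grant:
    user: str
    client_id: str
    display_text: str
    scopes: list = field(default_factory=list)
    native_app: bool = False


@dataclass
class Finding:
    user: str
    client_id: str
    display_text: str
    sensitive_scopes: list
    reason: str


def parse_tokens_response(user, response):
    """Convert one tokens.list response (dict with an 'items' list) into Grants."""
    grants = []
    for item in response.get("items", []):
        grants.append(Grant(
            user=user,
            client_id=item.get("clientId", ""),
            display_text=item.get("displayText", ""),
            scopes=list(item.get("scopes", [])),
            native_app=bool(item.get("nativeApp", False)),
        ))
    return grants


def flag_risky_grants(grants, approved_client_ids):
    """Return a Finding for every grant that is not allowlisted and carries at
    least one sensitive scope. Allowlisted apps are skipped regardless of scope."""
    findings = []
    for g in grants:
        if g.client_id in approved_client_ids:
            continue
        sensitive = [s for s in g.scopes if s.startswith(SENSITIVE_SCOPE_MARKERS)]
        if sensitive:
            findings.append(Finding(
                user=g.user,
                client_id=g.client_id,
                display_text=g.display_text,
                sensitive_scopes=sensitive,
                reason="unapproved third-party app holds sensitive scopes",
            ))
    return findings


def revocation_plan(findings):
    """(user, client_id) pairs to revoke, deduplicated and sorted for review."""
    return sorted({(f.user, f.client_id) for f in findings})


def fetch_grants_live(directory_service, user):
    """Fetch real grants via the Directory API (assumption: `directory_service`
    is a googleapiclient resource for admin/directory_v1). Not run in this example."""
    response = directory_service.tokens().list(userKey=user).execute()
    return parse_tokens_response(user, response)


def revoke_grant(directory_service, user, client_id):
    """Revoke one app's grant for one user via the Directory API. Not run here."""
    directory_service.tokens().delete(userKey=user, clientId=client_id).execute()


# Constructed sample response; client IDs and app names are hypothetical.
SAMPLE_RESPONSE = {
    "items": [
        {"clientId": "123-workflow-app.apps.example",
         "displayText": "Hypothetical Workflow Automator",
         "scopes": ["https://mail.google.com/",
                    "https://www.googleapis.com/auth/drive",
                    "https://www.googleapis.com/auth/userinfo.email"],
         "nativeApp": False},
        {"clientId": "456-calendar-only.apps.example",
         "displayText": "Hypothetical Calendar Widget",
         "scopes": ["https://www.googleapis.com/auth/calendar.readonly"],
         "nativeApp": False},
        {"clientId": "789-approved-sso.apps.example",
         "displayText": "Approved Corporate SSO",
         "scopes": ["https://www.googleapis.com/auth/admin.directory.user.readonly"],
         "nativeApp": False},
    ]
}
APPROVED_CLIENT_IDS = {"789-approved-sso.apps.example"}


def audit_sample():
    """Run the audit over the constructed sample for one hypothetical employee."""
    grants = parse_tokens_response("employee@example.com", SAMPLE_RESPONSE)
    return flag_risky_grants(grants, APPROVED_CLIENT_IDS)


if __name__ == "__main__":
    for f in audit_sample():
        print(f"{f.user}: {f.display_text} ({f.client_id}) -> {f.reason}: "
              + ", ".join(f.sensitive_scopes))
    print("revocation plan:", revocation_plan(audit_sample()))
```

Run over the constructed data, only the workflow-automation app is reported: it holds full Gmail and Drive scopes and is not on the allowlist, while the calendar-only app has no sensitive scope and the SSO app is allowlisted. The allowlist, not the scope list, is where policy lives; a mail-reading integration that the organization has deliberately approved belongs there, and everything else with a sensitive scope goes to the revocation plan.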