Cloud development platform Vercel has confirmed a security incident involving unauthorized access to certain internal systems, prompting the company to notify law enforcement and advise customers to review and rotate their environment variables. The incident, disclosed on April 19, 2026, originated from a compromise of Context.ai, a third-party AI tool used by a Vercel employee.
The attacker gained access through a compromised Google Workspace OAuth app linked to Context.ai, subsequently infiltrating the employee's Vercel Google Workspace account. This access allowed threat actors to move laterally into Vercel's internal environments and potentially access non-sensitive environment variables. Vercel stated that environment variables marked as "sensitive" are stored in a manner that prevents them from being read, and there is currently no evidence that these values were accessed.
Vercel CEO Guillermo Rauch provided an update, stating, > "A Vercel employee got compromised via the breach of an AI platform customer called Context.ai that he was using." Rauch also noted that the attacker's operational velocity and understanding of Vercel's systems were "highly sophisticated," suggesting potential AI-assisted tactics. The company is working with Mandiant and other cybersecurity firms to investigate the breach.
The incident has raised concerns about supply chain security and the default settings for environment variables. While Vercel has rolled out new dashboard capabilities for managing environment variables, the platform's opt-in approach for marking variables as sensitive has been a point of discussion among cybersecurity experts. A threat actor claiming to be "ShinyHunters" has reportedly offered to sell Vercel data for $2 million, though Vercel has not confirmed the validity of these claims.
Vercel has emphasized that its core services remain operational, and a limited subset of customers appears to have been impacted. The company is directly contacting affected customers and recommending immediate credential rotation. The incident underscores the growing risks associated with third-party integrations, particularly AI tools, and the critical importance of robust secret management practices.
