Cloud development platform Vercel confirmed a security breach originating from a compromised third-party AI tool, leading to unauthorized access to internal systems and non-sensitive environment data.

Key Points

• Vercel identified unauthorized access to internal systems after an employee's Google Workspace account was compromised via the third-party tool Context.ai.
• The breach exposed non-sensitive environment variables, prompting the company to notify affected customers and recommend immediate credential rotation.
• A threat actor is currently attempting to sell alleged Vercel source code and 580 employee records on a dark web forum for $2 million.
• While the seller claims affiliation with the extortion group ShinyHunters, the group has reportedly distanced itself from the incident.
• Vercel maintains that its services remain operational while the company continues to investigate the full extent of the data exfiltration.

Why it Matters

This incident highlights the growing security risks associated with supply chain vulnerabilities and the integration of third-party AI tools into corporate workflows. It serves as a critical reminder for organizations to enforce strict access controls and monitor third-party software permissions to prevent unauthorized lateral movement within internal networks.