![Vercel breach linked to compromised AI tool Context[.]ai](https://securityaffairs.com/wp-content/uploads/2026/04/image-66.png)
VERCEL has disclosed a security breach triggered by the compromise of a third‑party AI tool, Context[.]ai, used by one of its employees. The attacker took over the employee’s Google Workspace account and used it to access parts of Vercel’s internal systems, including some environments and environment variables not marked as sensitive, exposing a limited amount of customer‑related data.
According to Vercel, the attacker demonstrated a high level of skill and moved quickly, with the incident stated to originate from the compromise of Context[.]ai and the linked Google Workspace access enabling partial access to internal resources.
The company is working with cybersecurity partner Mandiant and other security partners to investigate and has notified law enforcement, while urging users to review account activity logs, rotate exposed secrets, and consider stronger protections, such as marking sensitive environment variables. The notice notes that environment variables marked as sensitive are stored in a way that prevents them from being read, and Vercel advises admins to review for a suspicious OAuth app ID linked to the breach.