Vercel, the cloud platform widely used for hosting Next.js applications and frontend frameworks, has confirmed a significant security incident resulting in the theft of customer data and internal credentials. The breach originated not from Vercel’s direct infrastructure, but through a supply chain compromise at Context AI, a third-party vendor providing AI evaluation tools, highlighting the persistent vulnerabilities in modern software supply chains.
The company disclosed that attackers gained access to Vercel’s internal systems after compromising an employee’s corporate Google account through an OAuth connection with Context AI’s Office Suite consumer application. According to Vercel’s incident report, the employee had downloaded the Context AI application, which created an authenticated session that threat actors later exploited to pivot into Vercel’s corporate environment.
Attack vector and data access
Once inside Vercel’s systems, the attackers accessed unencrypted credentials and authentication tokens stored within the internal infrastructure. The compromised data includes customer application data, API keys, and database information. Vercel has acknowledged that the scope of the breach spans multiple organizations, though the company has not disclosed the specific number of affected customers.
Notably, Vercel emphasized that its open-source projects, including Next.js and Turbopack, were not affected by the incident. These projects represent critical infrastructure for millions of developers worldwide, and their isolation from the breach prevents a cascading supply chain compromise of the broader JavaScript ecosystem.
The attack methodology underscores the risks associated with OAuth-based integrations in enterprise environments. By compromising a seemingly peripheral consumer application—Context AI’s Office Suite—the attackers bypassed traditional perimeter security controls and gained privileged access to corporate systems through legitimate authentication tokens.
Threat actor attribution confusion
The incident has generated confusion regarding threat actor attribution. The hackers initially claimed affiliation with ShinyHunters, a notorious cybercriminal group known for high-profile data breaches, in a listing posted to a cybercriminal forum offering stolen Vercel data for sale. However, the actual ShinyHunters group has denied involvement in the breach.
The listing includes offers for customer API keys, source code, and database data stolen from Vercel’s infrastructure. Security researchers note that false flag operations and brand-name exploitation are common in the cybercriminal ecosystem, particularly when lesser-known actors attempt to leverage the reputation of established groups to drive up prices for stolen data.
Context AI's delayed disclosure
Context AI, which builds evaluation and analytics tools for AI models, confirmed on its website that it experienced a breach in March involving its Context AI Office Suite consumer application. The timing raises significant questions about disclosure protocols, as the connection between the Context AI compromise and the Vercel breach appears to have taken weeks to establish or disclose.
It remains unclear whether Context AI received ransom demands from the attacker or why the company did not publicly disclose the breach at the time of discovery. The delay between the initial Context AI compromise and Vercel’s confirmation highlights gaps in real-time threat intelligence sharing between vendors in software supply chains.
Response and customer impact
Vercel chief executive Guillermo Rauch has advised affected customers to immediately rotate all API keys and credentials associated with their application deployments. The company has initiated direct outreach to organizations whose data was definitively accessed during the incident.
Security professionals emphasize that customers should treat this as a full credential rotation event rather than selective updates. Even credentials characterized as “non-sensitive” by Vercel should be rotated, as attackers often maintain persistent access or exfiltrate data that reveals internal architecture useful for future attacks.
The incident serves as a critical reminder of the interconnected nature of modern cloud infrastructure. As organizations increasingly rely on OAuth integrations and third-party SaaS applications for productivity and development workflows, the attack surface extends beyond traditional network boundaries into the consumer applications used by employees.
Supply chain security implications
This breach contributes to a growing pattern of supply chain attacks targeting the software development ecosystem. Recent months have seen increased targeting of developers and cloud infrastructure providers, recognizing that compromising a single platform like Vercel can yield access to thousands of downstream customer applications and databases.
The attack specifically highlights the “island-hopping” technique, where threat actors compromise smaller, less secure vendors to access larger enterprise targets. Context AI, while not a core infrastructure provider, served as an effective bridge into Vercel’s corporate systems due to the OAuth trust relationship.
Industry analysts note that cloud-native companies face particular challenges in securing OAuth token lifecycles and third-party application access. Unlike traditional API keys that can be rotated systematically, OAuth tokens granted to consumer applications often persist with broad permissions until manually revoked—a process many organizations fail to audit regularly.
Vercel’s disclosure, while detailing the technical mechanism of the attack, leaves several operational questions unanswered, including the specific timeline of data exfiltration and whether the company has detected ongoing unauthorized access attempts since the initial containment.
Source: Original article