Vercel Breach Traced to Compromised AI Tool Context.ai, Exposes Non‑Sensitive Environment Variables

**TL;DR** Vercel recently experienced a security breach originating from a compromised Context.ai application, leading to unauthorized access of an employee's Google Workspace account and subsequent exposure of non-sensitive environment variables within Vercel's systems.

A sophisticated cyberattack recently impacted Vercel, a leading cloud platform for web development, tracing back to a third-party AI tool. Threat actors first compromised Context.ai, an artificial intelligence (AI) tool used by a Vercel employee. This initial breach served as the entry point for the subsequent security incident.

This compromise allowed attackers to hijack the employee's Google Workspace account, subsequently gaining entry into specific Vercel environments. Investigations pinpoint Context.ai's OAuth app for Google Workspace as the specific point of entry. Vercel characterized the attacker as highly sophisticated, noting the operation's speed and detailed system knowledge demonstrated during the breach.

Attackers accessed non-sensitive environment variables, which are dynamic named values that can affect the way running processes will behave. Vercel stated it found no evidence of sensitive values or customer login credentials being compromised, contacting a limited number of affected customers directly to advise credential rotation. In response, Vercel released an Indicator of Compromise (IOC) to help Google Workspace administrators detect the compromised Context.ai OAuth app within their environments, acknowledging its potential impact across multiple organizations. The company is collaborating with Mandiant and other cybersecurity firms, industry peers, and law enforcement agencies to investigate further.

### What Defenders Should Do

Organizations should immediately rotate any environment variables not marked as sensitive, especially those containing API keys, access tokens, database credentials, or signing keys. Review logs for any suspicious activity and monitor recent deployments for unexpected changes. Implement Deployment Protection set to at least "Standard" for enhanced security on Vercel deployments. Google Workspace administrators must utilize the Vercel-provided IOC to check for the presence of the compromised Context.ai OAuth app, removing it if detected to mitigate potential exposure.

The ongoing investigation will clarify the full extent of this supply chain attack and the broader implications for organizations integrating third-party AI applications.