Vercel Breach Traced to Employee’s Use of Compromised AI Tool Context.ai

Vercel breach traced to employee’s use of compromised AI tool Context.ai, exposing limited customer data via hijacked Google Workspace account.

Peter Olaleru, Cybersecurity Editor

Source: Coindesk

TL;DR: Vercel confirmed a breach after Context.ai, a consumer AI tool used by an employee, was compromised, allowing attackers to hijack the employee’s Google Workspace account and access a limited subset of customer data.

Context

Vercel, a platform for frontend deployment, disclosed the incident after detecting unusual activity in its internal environments last week. The entry point was a third‑party AI service that the employee had authorized with their corporate Google credentials.

Key Facts

- Attackers compromised Context.ai, which held an OAuth token granting broad access to the employee’s Google Workspace.
- Using that token, they logged into the Workspace account, then pivoted to other Vercel systems via internal APIs.
- Vercel states that only a limited number of customers were affected and that those customers have been directly contacted.
- No evidence shows that environments marked as “sensitive” were accessed.
- Giuseppe Trovato, Head of Research at Geordie AI, warned that granting sweeping OAuth permissions to consumer AI tools embeds the tool’s entire infrastructure into the enterprise trust chain.

What It Means

The incident illustrates how a seemingly benign personal‑use AI application can become a conduit for enterprise‑wide compromise when OAuth scopes are overly permissive. It also highlights the risk of shadow AI—tools adopted without formal security review—especially when they rely on enterprise identity providers for authentication.

Mitigations

Security teams should immediately audit all third‑party OAuth applications linked to corporate accounts, revoking any that request excessive scopes such as full mailbox or Drive access. Enforce least‑privilege token grants and implement automated alerts for anomalous login locations or unusual token usage. Deploy conditional access policies that require MFA for OAuth‑based sign‑ins and block legacy authentication. Finally, adopt Vercel’s sensitive‑by‑default setting for environment variables and enforce it at the team level to limit accidental exposure.
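The audit step can be illustrated with the following Python, an added example that is not code from Vercel, Context.ai or the original article. It assumes token grants have been exported as JSON using the field names of the Admin SDK Directory API Token resource; the sample records, client IDs, app names and the choice of which scopes count as excessive are constructed for illustration.

```python
import json

# Assumption: scopes this audit treats as excessive for an unreviewed app.
# The URIs are real Google OAuth scopes; the policy choice is illustrative.
BROAD_SCOPES = {
    "https://mail.google.com/": "full mailbox",
    "https://www.googleapis.com/auth/drive": "full Drive",
}
# Hypothetical client IDs that have passed security review.
APPROVED_CLIENTS = {"9999-approved.apps.googleusercontent.com"}

# Constructed sample, using the field names of the Admin SDK Directory API
# Token resource (clientId, displayText, userKey, scopes). userKey is shown
# as an e-mail address for readability.
SAMPLE_TOKENS = json.loads("""
[
 {"clientId": "1111-notes.apps.googleusercontent.com", "displayText": "Example AI Notes",
  "userKey": "alice@example.com",
  "scopes": ["openid", "https://mail.google.com/", "https://www.googleapis.com/auth/drive"]},
 {"clientId": "1111-notes.apps.googleusercontent.com", "displayText": "Example AI Notes",
  "userKey": "bob@example.com", "scopes": ["https://www.googleapis.com/auth/drive"]},
 {"clientId": "9999-approved.apps.googleusercontent.com", "displayText": "Reviewed Mail Client",
  "userKey": "alice@example.com", "scopes": ["https://mail.google.com/"]},
 {"clientId": "2222-sign.apps.googleusercontent.com", "displayText": "Example Signer",
  "userKey": "carol@example.com",
  "scopes": ["https://www.googleapis.com/auth/drive.file", "openid"]}
]
""")


def audit_tokens(tokens, approved=APPROVED_CLIENTS):
    """Group unreviewed apps that hold a broad scope, with affected users."""
    findings = {}
    for tok in tokens:
        client = tok.get("clientId", "")
        # Exact match on the scope URI, so drive.file (per-file) is not flagged.
        hits = {BROAD_SCOPES[s] for s in tok.get("scopes", []) if s in BROAD_SCOPES}
        if client in approved or not hits:
            continue
        entry = findings.setdefault(
            client, {"app": tok.get("displayText", ""), "users": set(), "access": set()})
        entry["users"].add(tok.get("userKey", ""))
        entry["access"] |= hits
    return findings


if __name__ == "__main__":
    for client, f in sorted(audit_tokens(SAMPLE_TOKENS).items()):
        print(f"REVOKE? {f['app']} ({client}): {sorted(f['access'])} "
              f"granted by {sorted(f['users'])}")
```

Grouping by client ID rather than by user shows how many accounts a single third-party app could reach if that app's own infrastructure were compromised.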

Watch for further details on the attacker’s tactics and any potential expansion of the impact as Vercel’s investigation continues.
