AI supply-chain attack: employee account compromise exposes access to Vercel internal systems
22.04.26
Cloud development platform Vercel has confirmed a security incident in which attackers gained unauthorized access to parts of its internal infrastructure. The entry point was a third-party artificial intelligence tool, Context.ai, used by one of the company’s employees.
Attack chain: from AI tool to internal environments
According to an investigation and reporting by The Hacker News, the attack began with the compromise of an external tool integrated into an employee’s workflow. Through this vector, attackers took over a Google Workspace account, which in turn enabled access to Vercel’s internal environments.
They subsequently accessed a subset of environment variables that were not marked as sensitive. Vercel emphasizes that truly sensitive data is stored in encrypted form, and no evidence of its exposure has been found so far.
Attack sophistication and response
Vercel’s internal assessment indicates the operation was highly sophisticated. The attacker moved quickly and demonstrated a strong understanding of the company’s internal architecture and infrastructure layout.
The investigation is being conducted with assistance from Mandiant, part of the Google ecosystem, alongside additional cybersecurity experts. Vercel is also cooperating with Context.ai and notifying law enforcement authorities.
Potential customer impact
Preliminary findings suggest that a limited number of customer accounts may have been affected. Vercel has contacted impacted users directly and urged them to immediately rotate credentials and review access permissions.
Administrators of Google Workspace are specifically advised to check for a suspicious OAuth application with the following identifier:
110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com
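One way to run this check over an exported Google Workspace token audit log, as an added example that is not from Vercel or the original article. It assumes the export follows the Admin SDK Reports API token-activity JSON shape (`items[].events[].parameters[]` carrying `client_id` and `scope`); the helper names and all sample records are constructed.

```python
import json

# OAuth client ID quoted in the article above.
SUSPECT_CLIENT_ID = "110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com"

def _event(time, email, name, client_id, scopes):
    """Build one constructed activity record (assumed Reports API token-audit shape)."""
    return {"id": {"time": time}, "actor": {"email": email},
            "events": [{"name": name, "parameters": [
                {"name": "client_id", "value": client_id},
                {"name": "scope", "multiValue": scopes}]}]}

DRIVE = "https://www.googleapis.com/auth/drive"
# Constructed sample data, newest first; none of it comes from the incident.
SAMPLE_EXPORT = json.dumps({"items": [
    _event("2026-01-09T10:00:00.000Z", "dev2@example.com", "revoke", SUSPECT_CLIENT_ID, [DRIVE]),
    _event("2026-01-08T14:30:00.000Z", "dev3@example.com", "authorize",
           "000000000000-constructed.apps.googleusercontent.com", [DRIVE]),
    _event("2026-01-07T09:12:00.000Z", "dev1@example.com", "authorize", SUSPECT_CLIENT_ID, [DRIVE]),
    _event("2026-01-05T08:00:00.000Z", "dev2@example.com", "authorize", SUSPECT_CLIENT_ID, [DRIVE]),
]})

def find_grants(export_json, client_id=SUSPECT_CLIENT_ID):
    """Return {user: {"active", "scopes", "first_seen"}} for grants to client_id."""
    state = {}
    items = json.loads(export_json).get("items", [])
    # Replay oldest to newest so a later revoke overrides an earlier authorize.
    for item in sorted(items, key=lambda i: i["id"]["time"]):
        user = item.get("actor", {}).get("email", "<unknown>")
        for ev in item.get("events", []):
            params = {p["name"]: p.get("multiValue", p.get("value"))
                      for p in ev.get("parameters", [])}
            if str(params.get("client_id", "")).strip().lower() != client_id.lower():
                continue
            rec = state.setdefault(user, {"active": False, "scopes": set(),
                                          "first_seen": item["id"]["time"]})
            if ev.get("name") == "authorize":
                rec["active"] = True
                scopes = params.get("scope") or []
                rec["scopes"].update([scopes] if isinstance(scopes, str) else scopes)
            elif ev.get("name") == "revoke":
                rec["active"] = False
    return state

if __name__ == "__main__":
    for user, rec in sorted(find_grants(SAMPLE_EXPORT).items()):
        status = "STILL ACTIVE" if rec["active"] else "revoked"
        print(f"{user}: {status}, first seen {rec['first_seen']}, scopes={sorted(rec['scopes'])}")
```

A user whose grant shows as revoked still authorized the application at some point, so the granted scopes and the `first_seen` time mark the window to review for that account.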
Security recommendations
Vercel has issued a set of mitigation steps:
- review activity logs for anomalous behavior
- audit environment variables not marked as sensitive
- check recent deployments for unauthorized changes
- ensure Deployment Protection is set to at least Standard
- rotate deployment protection tokens if used
Company response and remediation
Vercel CEO Guillermo Rauch stated that the company has strengthened monitoring and security controls and conducted a supply-chain audit, with particular focus on Next.js, Turbopack, and other open-source projects.
Scope and attribution
The company has not disclosed which systems were fully compromised or the exact number of affected customers. However, the attack has been claimed by a threat actor known as ShinyHunters, who allegedly offered the stolen data for sale for approximately $2 million.
Post-incident changes
Following the incident, Vercel has rolled out enhanced security features, including an improved environment variables overview interface and better tools for managing and securing sensitive configuration data.


