Gate News message, April 23 — Vercel disclosed on April 19 that its security incident, initially described as affecting a "limited subset of customers," has expanded to a much broader developer community, particularly those building AI agent workflows. The attack may affect hundreds of users across several organizations; it is not limited to Vercel and could potentially impact the broader tech industry.
The breach originated when a Context.ai employee was infected with Lumma Stealer malware after downloading a Roblox Auto-farm script and game exploit tools. The malware compromised the employee's Google Workspace login credentials and access keys to platforms including Supabase, Datadog, and Authkit. The attacker then used a stolen OAuth token to access Vercel's Google Workspace account, which had been created using a Vercel enterprise account with "allow all" permissions. Once inside, the attacker decrypted non-sensitive environment variables, though sensitive data remained protected due to Vercel's storage safeguards.
AI developers face elevated risk because they commonly store critical credentials—such as OpenAI or Anthropic API keys, vector database connection strings, webhook secrets, and third-party tool tokens—in environment variables without manually marking them as sensitive. These credentials are not automatically flagged by the system, leaving them vulnerable to exposure.
In response, Vercel updated its platform so that all newly created environment variables are marked sensitive by default. The company's security team shared the unique identifier of the compromised OAuth app, urging Google Workspace administrators to audit access logs. Context.ai, assisted by Nudge Security CTO Jaime Blasco, detected an additional OAuth permission grant with Google Drive access and immediately alerted affected customers with remediation steps.
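The new default covers only newly created variables, so existing ones still need a review. The following sketch is an added example, not Vercel's code: it flags credentials of the kinds listed above that are not marked sensitive. The record fields `key`, `value` and `sensitive` are an assumed export format, and the name and value patterns are heuristics.

```python
import re
from urllib.parse import urlsplit

# Names that usually denote credentials (heuristic; tune for your projects).
NAME_RE = re.compile(r"(API_?KEY|SECRET|TOKEN|PASSWORD|PASSWD|PRIVATE_KEY|DATABASE_URL|_DSN)", re.I)
# Value shapes: the "sk-" prefix some API providers use, and PEM private key headers.
VALUE_RES = {
    "provider API key prefix": re.compile(r"^sk-[A-Za-z0-9_-]{16,}$"),
    "PEM private key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}

def has_embedded_password(value):
    """True for connection strings of the form scheme://user:password@host/..."""
    try:
        parts = urlsplit(value)
    except ValueError:
        return False
    return bool(parts.scheme and parts.hostname and parts.password)

def audit_env_vars(records):
    """Return (key, reasons) for variables that look secret but are not marked
    sensitive. Values are never copied into the report, so it is safe to share."""
    findings = []
    for rec in records:
        if rec.get("sensitive"):
            continue  # already protected
        reasons = []
        if NAME_RE.search(rec["key"]):
            reasons.append("credential-like name")
        value = rec.get("value") or ""
        reasons += [label for label, rx in VALUE_RES.items() if rx.search(value)]
        if has_embedded_password(value):
            reasons.append("connection string with embedded password")
        if reasons:
            findings.append((rec["key"], reasons))
    return findings

# Constructed sample export (assumed format); every value below is fake.
SAMPLE = [
    {"key": "OPENAI_API_KEY", "value": "sk-" + "x" * 32, "sensitive": False},
    {"key": "VECTOR_DB", "value": "postgresql://app:hunter2@db.example.internal:5432/vec", "sensitive": False},
    {"key": "WEBHOOK_SECRET", "value": "fake-webhook-secret", "sensitive": True},
    {"key": "NEXT_PUBLIC_SITE_NAME", "value": "demo", "sensitive": False},
    {"key": "LLM_FALLBACK", "value": "sk-ant-" + "y" * 40, "sensitive": False},
]

if __name__ == "__main__":
    for key, reasons in audit_env_vars(SAMPLE):
        print(f"{key}: not marked sensitive ({'; '.join(reasons)})")
```

Any variable this flags was readable in the state the article describes, so rotating the credential comes before re-saving it as sensitive.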