Next.js developer Vercel warns of customer credential compromise

Blames outfit called Context.ai, which reckons an agentic OAuth tangle caused the incident

Simon Sharwood, Mon 20 Apr 2026 // 07:31 UTC

Vercel, the company that created the open source Next.js web development framework, has suffered a data leak that led to the compromise of some customer credentials, and has blamed an outfit called Context.ai for the mess.

A Vercel security bulletin says that on April 19, the company “identified a security incident that involved unauthorized access to certain internal Vercel systems” and led to credential compromise for “a limited subset of customers.” The company contacted those customers and “recommended an immediate rotation of credentials.”

“We continue to investigate whether and what data was exfiltrated and we will contact customers if we discover further evidence of compromise,” the bulletin states, adding that the company has “deployed extensive protection measures and monitoring. Our services remain operational.”

Vercel has named the source of the mess:

“The incident originated with a compromise of Context.ai, a third-party AI tool used by a Vercel employee. The attacker used that access to take over the employee's Vercel Google Workspace account, which enabled them to gain access to some Vercel environments and environment variables that were not marked as ‘sensitive.’”

Context.ai has also published a security bulletin revealing that in March it identified and stopped an incident involving unauthorized access to its AWS environment. Context.ai hired CrowdStrike to conduct an investigation, and closed its AWS rig.

“Today, based on information provided by Vercel and some additional internal investigation, we learned that, during the incident last month, the unauthorized actor also likely compromised OAuth tokens for some of our consumer users,” the company admitted.
The company’s consumer clients used a product called the AI Office suite that Context.ai describes as a “workspace designed to help users work with AI agents to build presentations, documents, and spreadsheets. The AI Office suite offered a feature that allowed consumer users to enable AI agents to perform actions across their external applications, facilitated via another 3rd-party service.”

Context.ai’s bulletin says whoever attacked its systems “appears to have used a compromised OAuth token to access Vercel’s Google Workspace. Vercel is not a Context customer, but it appears at least one Vercel employee signed up for the AI Office Suite using their Vercel enterprise account and granted ‘Allow All’ permissions.”

Context.ai thinks Vercel’s internal OAuth configurations “appear to have allowed this action to grant these broad permissions in Vercel’s enterprise Google Workspace.”

All of the actors in this mess made mistakes. Context.ai clearly didn’t have great infosec. CrowdStrike’s investigation appears to have missed a trick or two. Vercel didn’t lock down its Google Workspace. And now the world has an example of an agentic AI product linking to third-party services and causing trouble, just the kind of risk infosec experts have warned about.
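The grant at the heart of this story is an employee handing a third-party AI app broad OAuth scopes on an enterprise Google account. The script below is an added example (not code from Vercel, Context.ai or this article) showing how an admin can audit such grants: it takes records shaped like the Admin SDK Directory API `tokens` resource (constructed here so it runs offline; the client IDs, app names and allowlist are hypothetical) and flags any app outside a reviewed allowlist that holds broad mail, Drive or directory scopes, or that is unverified.

```python
# Added example: audit third-party OAuth grants in a Google Workspace tenant and
# flag the ones that resemble the "Allow All" grant described in the article.
# Input records are constructed to resemble the Admin SDK Directory API
# `tokens` resource (clientId, displayText, scopes, userKey, anonymous).

# Scopes that give an app broad reach over a user's mail, files or the directory.
BROAD_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/drive",
    "https://www.googleapis.com/auth/gmail.modify",
    "https://www.googleapis.com/auth/admin.directory.user",
}

# Hypothetical allowlist of client IDs the organisation has already reviewed.
TRUSTED_CLIENT_IDS = {"1234-corp-sso.apps.example"}

def audit_grants(tokens, trusted=TRUSTED_CLIENT_IDS, broad=BROAD_SCOPES):
    """Return (user, app, reason, broad_scopes) for every grant needing review.
    Flagged: any non-allowlisted app holding a broad scope, and any unverified
    (`anonymous`) app regardless of the scopes it holds."""
    findings = []
    for tok in tokens:
        cid = tok.get("clientId", "")
        if cid in trusted:
            continue
        held = tuple(sorted(set(tok.get("scopes", [])) & broad))
        if tok.get("anonymous"):
            reason = "unverified app"
        elif held:
            reason = "broad scopes"
        else:
            continue  # narrow scopes from a registered app: nothing to report
        findings.append((tok["userKey"], tok.get("displayText", cid), reason, held))
    return findings

# Constructed sample: three grants held by one employee account.
SAMPLE_TOKENS = [
    {"userKey": "alice@example.com", "clientId": "1234-corp-sso.apps.example",
     "displayText": "Corp SSO", "scopes": ["https://www.googleapis.com/auth/drive"]},
    {"userKey": "alice@example.com", "clientId": "9999-ai-office.apps.example",
     "displayText": "AI Office Suite", "scopes": ["openid",
     "https://mail.google.com/", "https://www.googleapis.com/auth/drive"]},
    {"userKey": "alice@example.com", "clientId": "5555-cal.apps.example",
     "displayText": "Calendar Widget",
     "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]},
]

if __name__ == "__main__":
    for user, app, reason, held in audit_grants(SAMPLE_TOKENS):
        print(f"{user}: {app} flagged ({reason}): {', '.join(held)}")
```

Running it against the sample reports only the AI Office Suite grant; the allowlisted SSO app and the read-only calendar widget pass.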
The attack vector was a supply-chain compromise originating from Context.ai's AI Office Suite, where an attacker used a compromised OAuth token from a Vercel employee's account to gain unauthorized access to Vercel's internal Google Workspace and subsequently to non-sensitive environment variables containing customer credentials. No CVSS score, specific affected software versions, fixed version, or technical workaround are provided in the article; Vercel has contacted affected customers to recommend credential rotation and implemented additional monitoring.