A vulnerability in how one employee connected a third-party app to their corporate Google account has exposed customer API keys, source code, and database credentials at Vercel, the cloud hosting platform used by millions of developers to deploy web applications.
The breach began with Context AI, a software maker that builds evaluations and analytics for AI models. A Vercel employee downloaded Context AI's Office Suite consumer app and linked it to their corporate account through OAuth, the authorization standard that lets apps access Google account data without handling passwords directly. Attackers hijacked that connection to take over the employee's Google account and pivot into Vercel's internal systems.
The exposed credentials were not encrypted.
Vercel says it has contacted affected customers and advised immediate rotation of any keys marked as "non-sensitive" in app deployments. The distinction matters: developers often store operational tokens in environment variables they assume are safe, only to discover those same tokens grant access to production databases or payment processors.
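As an added example (not Vercel's own tooling), here is a triage script for the rotation advice above: it scans an exported environment-variable list, assumed here to be records of the form {key, value, sensitive} with a constructed sample, and flags entries marked non-sensitive that nevertheless look like live credentials.

```javascript
// Added example, not Vercel's code. Flags non-sensitive environment variables
// that look like live credentials so they go on the post-incident rotation list.
// The {key, value, sensitive} record shape is an assumption for this example.

// Well-known key formats (Stripe, GitHub, Slack, AWS access key IDs).
const KNOWN_PREFIXES = [/^sk_(live|test)_/, /^ghp_/, /^xox[abp]-/, /^AKIA[0-9A-Z]{16}$/];
// Database connection strings with an embedded password.
const DB_URL_WITH_PASSWORD = /^(postgres(ql)?|mysql|mongodb(\+srv)?|redis):\/\/[^:@/]+:[^@]+@/;
// Three base64url segments separated by dots.
const JWT = /^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/;
const SECRET_LIKE_NAME = /(KEY|SECRET|TOKEN|PASS(WORD)?|CREDENTIAL)/i;

// Shannon entropy in bits per character; random API keys sit well above prose.
function entropy(s) {
  const counts = new Map();
  for (const ch of s) counts.set(ch, (counts.get(ch) || 0) + 1);
  let h = 0;
  for (const n of counts.values()) {
    const p = n / s.length;
    h -= p * Math.log2(p);
  }
  return h;
}

// Returns a reason string if the variable looks like a credential, else null.
function classify({ key, value }) {
  if (DB_URL_WITH_PASSWORD.test(value)) return "connection string with embedded password";
  if (KNOWN_PREFIXES.some((re) => re.test(value))) return "matches a known API key format";
  if (JWT.test(value)) return "JWT-shaped token";
  if (SECRET_LIKE_NAME.test(key) && value.length >= 20 && entropy(value) > 3.5)
    return "secret-like name with high-entropy value";
  return null;
}

// Returns [{key, reason}] for variables not marked sensitive that look like credentials.
function findRotationCandidates(envVars) {
  return envVars
    .filter((v) => !v.sensitive)
    .map((v) => ({ key: v.key, reason: classify(v) }))
    .filter((v) => v.reason !== null);
}

// Constructed sample export, not real data.
const SAMPLE_ENV = [
  { key: "DATABASE_URL", value: "postgres://app:hunter2pw@db.internal:5432/prod", sensitive: false },
  { key: "STRIPE_SECRET_KEY", value: "sk_live_EXAMPLEPLACEHOLDER0000", sensitive: false },
  { key: "NEXT_PUBLIC_SITE_NAME", value: "Example Storefront", sensitive: false },
  { key: "ANALYTICS_TOKEN", value: "a9F3kLq8Zx2mN7vB4cR1tY6wE0sD5gH", sensitive: false },
  { key: "SESSION_SECRET", value: "already-protected", sensitive: true },
];

console.log(findRotationCandidates(SAMPLE_ENV));
```

Heuristics like these only narrow the list; anything the script skips still needs a human decision on whether it grants production access.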
Here's my update to the broader community about the ongoing incident investigation. I want to give you the rundown of the situation directly.
— Guillermo Rauch (@rauchg) April 19, 2026
A Vercel employee got compromised via the breach of an AI platform customer called https://t.co/xksNNigVfE that he was using. The details…
The attackers are selling the stolen data on a cybercriminal forum. The listing, seen by TechCrunch, claims to represent ShinyHunters, a hacking group known for breaching cloud and database companies. ShinyHunters later told Bleeping Computer they are not involved. The actual identity of the threat actor remains unknown. Vercel says it has received no ransom demand.
Context AI confirmed its own breach in March, involving the same Office Suite app, but initially notified only one customer. The company now believes the incident is "likely broader than first thought" and that hackers "likely compromised OAuth tokens for some of our consumer users." Context AI did not disclose the breach publicly at the time and did not respond to requests for comment.
Vercel's Next.js and Turbopack open source projects were not affected. Both frameworks power substantial portions of the modern web. The separation between open source code and internal infrastructure is cold comfort for developers whose deployed applications now need credential rotation.
The breach fits a pattern of supply chain attacks targeting software infrastructure companies. By compromising tools developers trust and reuse, attackers gain indirect access to downstream targets. Vercel explicitly warns the incident may affect "hundreds of users across many organizations" beyond its own customer base.
Vercel is investigating and has sought answers from Context AI. The number of affected customers remains undisclosed.
Source: Vercel