
Vercel confirms it was hacked through a compromised third-party AI tool
Vercel, the popular cloud development platform known for Next.js and the vibe coding website builder v0, has reported a security incident tied to a compromised third-party AI tool connected through Google Workspace OAuth. The breach gave attackers access to internal data, and a threat actor later posted alleged proof online, including 580 employee records and claims of access to internal deployments, API keys, and source code. Although the post linked the attack to ShinyHunters, people associated with that group have denied involvement in this specific case.
Vercel CEO Guillermo Rauch later said the initial access came after a Vercel employee’s Google Workspace account was compromised through a breach at Context.ai. He also said the attacker moved further into Vercel’s environment by enumerating environment variables that were marked as non-sensitive and therefore were not encrypted at rest, even though customer environment variables are otherwise fully encrypted at rest.
The company said the incident affected only a limited subset of customers and is urging administrators to review activity logs, audit potentially affected Google Workspace apps, and rotate environment variables where needed. Vercel also said its open source projects, including Next.js and Turbopack, were not impacted, and that it has updated its dashboard with a new environment variables overview and better controls for managing sensitive variables.
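For administrators working through the rotation advice above, the following triage sketch is an added example, not Vercel's code or API. It takes an inventory of environment variables and lists those stored without the sensitive flag whose name or value looks like a credential. The inventory format (`name`, `value`, `sensitive`), the heuristics and all sample values are assumptions constructed for illustration.

```python
import math
import re

# Heuristics are assumptions for this example; tune them to your own naming scheme.
SECRET_NAME = re.compile(
    r"(SECRET|TOKEN|PASSWORD|PASSWD|PRIVATE|CREDENTIAL|API_?KEY|_KEY$|DATABASE_URL|DSN)", re.I)
# Value shapes: URL with embedded user:password, PEM private key header, JWT-like string.
SECRET_VALUE = re.compile(
    r"(://[^/\s:@]+:[^/\s@]+@|-----BEGIN [A-Z ]*PRIVATE KEY-----|^eyJ[\w-]+\.[\w-]+\.[\w-]+$)")

def entropy(s):
    """Shannon entropy of a string in bits per character."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def needs_rotation(var):
    """Reasons why a variable NOT marked sensitive still looks like a secret."""
    if var["sensitive"]:
        return []  # stored with the stronger protection; outside this triage
    reasons = []
    if SECRET_NAME.search(var["name"]):
        reasons.append("name")
    if SECRET_VALUE.search(var["value"]):
        reasons.append("value-pattern")
    if len(var["value"]) >= 20 and entropy(var["value"]) >= 4.0:
        reasons.append("high-entropy")  # long random-looking value
    return reasons

def rotation_list(inventory):
    """Map variable name -> reasons, for every variable that should be rotated."""
    return {v["name"]: r for v in inventory if (r := needs_rotation(v))}

# Constructed sample inventory (hypothetical export format, no real values).
INVENTORY = [
    {"name": "NEXT_PUBLIC_SITE_URL", "value": "https://example.test", "sensitive": False},
    {"name": "PAYMENT_SECRET_KEY", "value": "CONSTRUCTED-not-a-real-key", "sensitive": True},
    {"name": "DATABASE_URL", "value": "postgres://app:hunter2@db.example.test/app", "sensitive": False},
    {"name": "ANALYTICS_ID", "value": "q8Zr2LmX0vT4bNc7JyW1dKfH", "sensitive": False},
    {"name": "LOG_LEVEL", "value": "info", "sensitive": False},
]

if __name__ == "__main__":
    for name, reasons in rotation_list(INVENTORY).items():
        print(f"rotate and re-create as sensitive: {name} ({', '.join(reasons)})")
```

Anything the script lists should be rotated at the issuing service first and then stored again with the sensitive flag set; a name the heuristics miss is not proof the value is harmless.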
