Vercel: Limited credentials accessed after AI tool breach

Vercel confirmed on Sunday that attackers accessed a limited set of customer credentials after compromising a Vercel employee through a third-party AI tool and that employee’s Google Workspace account.

The company says the intruder first gained access to the AI tool identified as Context.ai. With control of the Google Workspace account, the attacker moved into certain internal systems and enumerated environment variables that teams had marked as non-sensitive, extracting credentials tied to a subset of customers.

Vercel identified the affected customers, notified them and recommended immediate rotation of compromised secrets.

A post by an account calling itself “ShinyHunters” on a hacking forum offered Vercel data for $2 million, listing claimed access keys, source code, database information and employee accounts with deployment access. Vercel did not confirm the full scope of those specific claims.

CEO Guillermo Rauch wrote that the intruders operated with “surprising velocity and in-depth understanding of Vercel” and added he strongly suspected the operation had been accelerated by AI. He noted Vercel stores customer environments with full encryption but allows teams to mark some environment variables as non-sensitive, which the attacker exploited during enumeration.

Vercel noted it has deployed expanded protections and monitoring since detecting the incident. The company advised affected customers to rotate secrets, monitor access to their Vercel environments and any linked services, and to use the platform’s sensitive environment variable controls to reduce exposure.

The company also analyzed its supply chain and stated that open-source projects it maintains, including Next.js and Turbopack, remain safe for users.

Vercel is a cloud hosting provider used by many web development teams and crypto projects. The company said it is continuing its investigation and working to strengthen protections across internal systems and customer environments.