Cloud development platform Vercel has confirmed a security breach after hackers infiltrated its systems and stole data. The company disclosed that attackers exploited a vulnerability in a third-party AI tool, Context AI, to gain unauthorized access to certain internal systems.
In a security bulletin published on April 19, Vercel said the breach affected only a small number of customers and did not disrupt its services. The company has contacted impacted users and is actively investigating the incident.
“We are actively investigating and have engaged incident response experts to remediate the issue. We have notified law enforcement and will provide updates as the investigation progresses,” Vercel stated.
How the Breach Happened
According to CEO Guillermo Rauch, attackers first compromised a Vercel employee’s Google Workspace account through a breach at Context AI. After gaining entry, the hackers moved laterally within Vercel’s systems and accessed certain environment variables that were not marked as sensitive and therefore were not encrypted at rest.
Rauch clarified that Vercel encrypts all customer-designated sensitive environment variables and maintains multiple defense-in-depth security mechanisms. However, the attackers were able to enumerate and access some non-sensitive variables.
The company has since strengthened monitoring systems, enhanced dashboard controls, and introduced improvements that make it easier for customers to classify and encrypt sensitive environment variables.
Also Read: 80 cm Tsunami Hits Northern Japan After 7.4 Quake
Open-Source Ecosystem in Focus
Vercel develops and maintains Next.js, a widely used open-source framework built on top of React. The company monetizes its ecosystem through hosted serverless infrastructure, edge computing services, and CI/CD pipelines for frontend applications.
Rauch emphasized that Vercel has reviewed its supply chain and confirmed that Next.js, Turbopack, and other open-source projects remain secure.
The breach highlights a growing trend of hackers targeting AI tools and open-source components to execute supply chain attacks. In recent weeks, projects such as LiteLLM and Trivy have also faced compromises, affecting downstream users.
AI and Cybersecurity Risks
The incident comes amid rising concerns over AI-related cybersecurity risks. Earlier this month, AI startup Anthropic revealed it had developed a new AI model called Claude Mythos but chose not to release it due to potential cybersecurity dangers.
Rauch said he believes the attackers demonstrated high sophistication and may have accelerated their operations using AI tools. “They moved with surprising velocity and deep understanding of Vercel,” he wrote in a post on X.
Who Is Behind the Attack?
Before Vercel publicly disclosed the breach, the hacker group ShinyHunters claimed responsibility. According to cybersecurity outlet Bleeping Computer, the group attempted to sell allegedly stolen access keys, source code, API tokens, and database data on a hacking forum.
The group also reportedly shared a file containing 580 Vercel employee records, including names, email addresses, and account activity data. They further claimed to be negotiating a $2 million ransom demand, although Vercel has not confirmed those claims.
Company Response
Vercel said it has deployed extensive protection measures, enhanced monitoring systems, and engaged external security experts to contain and remediate the breach. The company has advised customers to review environment variables and enable sensitive-variable encryption where necessary.
As investigations continue, Vercel has pledged to provide further updates and maintain transparency with its customers and developer community.
Also Read: Airtel drops Rs 799 plan, hikes Rs 859 to Rs 899