
Vercel Confirms Security Breach via Compromised Third-Party AI Tool


Cloud platform Vercel publicly disclosed a security incident on Sunday: unknown attackers gained unauthorized access to the company’s internal systems. The attack was carried out via a compromised third-party AI tool and potentially affects a limited number of customers. Vercel was valued at $9.3 billion in its most recent funding round in September 2025, which brought in an investment of $300 million, and is among the companies that have benefited significantly from the AI boom of recent years.

What is Vercel?

Vercel is a US-based cloud provider headquartered in San Francisco, founded in 2015 by Guillermo Rauch under the name ZEIT. The company operates a Platform-as-a-Service solution specializing in the deployment and hosting of web applications. Vercel is also the developer and maintainer of Next.js, one of the most widely used open-source web frameworks in the React ecosystem, recording around six million weekly downloads.

Vercel provides an AI cloud that gives its customers consolidated access to AI models, and it is also the provider of the vibe coding tool v0. Its customers include companies such as IBM, Uber, Nike, Walmart, McDonald’s, and GitHub. In recent years, the platform has established itself as something of a standard for deploying modern frontend applications.

What happened?

According to Vercel’s security bulletin, the incident stems from a compromise of Context.ai, a third-party AI tool used by a Vercel employee. Through this compromise, the attackers were able to take over the affected employee’s Google Workspace account and from there gain access to parts of Vercel’s infrastructure.

Specifically, the attackers gained access to so-called environment variables that had not been marked as “sensitive.” Variables designated as “sensitive” are stored encrypted by Vercel and, based on current knowledge, could not be viewed. However, the variables not classified as sensitive could be read — and in some cases apparently still contained security-relevant information such as API keys or database credentials.

Vercel CEO Guillermo Rauch stated on the platform X that the attackers were able to gain further access through the enumeration of these non-sensitive variables. The company classifies the attackers as highly sophisticated and points to their speed and detailed knowledge of Vercel’s systems. Rauch expressed the suspicion that the attackers may have been able to act more quickly with the assistance of AI.
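The following is an added example, not code from Vercel or from the original article: a sketch of how a team could audit its own variable inventory for the exposure described above, flagging entries that are not marked sensitive but whose name or value suggests a credential. The record schema (`key`, `value`, `sensitive`), the heuristics and the sample values are assumptions constructed for illustration.

```python
import math
import re

# Heuristics chosen for this example; tune them to your own naming conventions.
SECRET_NAME = re.compile(r"SECRET|TOKEN|PASSWORD|API_?KEY|PRIVATE_?KEY|DATABASE_URL", re.I)
# Connection string with embedded user:password, e.g. scheme://user:pw@host
URL_WITH_CREDS = re.compile(r"^[a-z][a-z0-9+.-]*://[^/\s:@]+:[^/\s@]+@", re.I)
# Token-shaped value: one long run of key-like characters
TOKEN_SHAPE = re.compile(r"[A-Za-z0-9_+/=-]{20,}")


def shannon_entropy(value: str) -> float:
    """Bits per character; randomly generated keys score high."""
    counts = [value.count(c) for c in set(value)]
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts)


def audit(env_vars):
    """Return (key, reasons) for non-sensitive variables that look like credentials."""
    findings = []
    for var in env_vars:
        if var.get("sensitive"):
            continue  # already in the protected class
        key, value = var["key"], var.get("value", "")
        reasons = []
        if SECRET_NAME.search(key):
            reasons.append("name")
        if URL_WITH_CREDS.match(value):
            reasons.append("url-credentials")
        if TOKEN_SHAPE.fullmatch(value) and shannon_entropy(value) >= 4.0:
            reasons.append("high-entropy")
        if reasons:
            findings.append((key, reasons))
    return findings


# Constructed inventory in a hypothetical schema; none of these values are real.
SAMPLE = [
    {"key": "NEXT_PUBLIC_SITE_URL", "value": "https://www.example.com", "sensitive": False},
    {"key": "PAYMENT_API_KEY", "value": "constructed-placeholder", "sensitive": True},
    {"key": "DATABASE_URL", "value": "postgres://app:example-pw@db.example.internal/app", "sensitive": False},
    {"key": "ANALYTICS_ID", "value": "q7Zp2LkX9vB4mT1sR8wYc3Nd", "sensitive": False},
    {"key": "LOG_LEVEL", "value": "info", "sensitive": False},
]

if __name__ == "__main__":
    for key, reasons in audit(SAMPLE):
        print(f"{key}: not marked sensitive ({', '.join(reasons)})")
```

The `ANALYTICS_ID` entry shows why name matching alone is not enough: a key-like value behind an innocuous name is caught only by the value check.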

Who is affected?

Vercel states that it has so far identified only a limited number of customers whose credentials were compromised. These customers were contacted directly and asked to rotate their credentials immediately. Those who were not contacted have, according to Vercel, no current reason to assume that their own data is affected.

However, the scope extends beyond Vercel: according to the company, the OAuth app of Context.ai was part of a broader attack that could potentially have affected hundreds of users across various organizations. Vercel has published a specific Indicator of Compromise (IoC) and recommends that Google Workspace administrators check their environments for the relevant OAuth app.

The incident is receiving particular attention in the crypto industry: numerous decentralized applications and Web3 projects use Vercel as frontend infrastructure, meaning the potential exposure of API keys and credentials poses immediate risks in that space.

Following an analysis of its own supply chain, Vercel confirmed that the open-source projects Next.js and Turbopack are not affected.

Who is behind it?

On April 19, a post appeared on the hacking forum BreachForums under the name “ShinyHunters,” offering access to Vercel data and source code for sale for two million US dollars. ShinyHunters is a hacker group active since 2019 that has previously been linked to attacks on Wattpad, Tokopedia, and AT&T Wireless, among others. Whether the claims in this case are substantiated has not yet been independently verified.

Vercel and the competition

Vercel operates in a market it shares primarily with Netlify and Cloudflare Pages. All three platforms offer cloud-based deployment for web applications but differ in their areas of focus.

Vercel is considered the leader in the Next.js application space and offers the closest integration with the React ecosystem. Netlify positions itself as a framework-agnostic alternative with built-in additional features such as form handling and identity management. Cloudflare Pages, in turn, stands out with a global edge network of over 300 locations, unlimited bandwidth on the free tier, and particularly low latencies — an advantage the company owes to its existing CDN infrastructure.

Vercel is working with the cybersecurity firm Mandiant, other cybersecurity companies, and law enforcement agencies to investigate the incident. The platform’s services remain operational. The company has already made improvements to the dashboard, including an overview page for environment variables and a simplified management interface for sensitive variables.
