Podcast Episode
Vercel Confirms Breach Tied to Compromised AI Tool's OAuth App
April 20, 2026
Web hosting giant Vercel has confirmed unauthorised actors breached its internal systems through a compromised third-party AI tool's Google Workspace OAuth application. The ShinyHunters group has claimed responsibility and is demanding up to $2 million in ransom, while Vercel urges customers to rotate secrets and audit activity logs.
A Supply-Chain Breach Hits a Developer Favourite
Vercel, one of the most widely used web hosting and deployment platforms among modern developers, has confirmed a significant security incident. On 19 April 2026, the company disclosed that unauthorised actors gained access to certain internal systems through a compromised third-party AI tool whose Google Workspace OAuth application had been hijacked as part of a broader campaign potentially affecting hundreds of organisations.
How the Attackers Got In
According to Vercel's security bulletin, the breach originated from a small third-party AI tool integrated into its Google Workspace environment. Security researcher Jaime Blasco, co-founder and CTO of Nudge Security, identified the compromised application as Context.ai by matching the Google Workspace OAuth client ID published in Vercel's indicator of compromise to a now-removed Chrome extension listing under the same Google account. The attack followed a pattern increasingly common in supply-chain incidents: attackers compromise a trusted OAuth application, then pivot through Google Workspace's trust boundary into internal systems.
ShinyHunters Claims Responsibility
Shortly after disclosure, a user operating under the ShinyHunters name posted a listing on BreachForums at roughly 2:02 AM ET titled "Vercel Database Access Key and Source Code". The listing claimed to include employee accounts, internal deployment access, NPM and GitHub tokens, API keys, source code, and database data, offered for roughly $2 million. Leaked direct messages reportedly showed negotiations starting at $500,000 in Bitcoin, with Vercel asking the attacker to stop contacting employees. Developers noted that integrations with Linear and GitHub appeared to be primarily affected.
Guidance for Customers and the Wider Industry
Vercel has urged all customers to review activity logs, rotate environment variables containing secrets like API keys, tokens, and database credentials, and adopt the platform's "sensitive environment variables" feature. Variables marked as sensitive are stored in a way that prevents them from being read, and Vercel says it has no evidence those values were accessed. However, variables not marked sensitive should be treated as potentially exposed.
The concern reaches further than Vercel itself. Because the compromise began in an upstream OAuth application, any Google Workspace environment that granted access to the same AI tool may be similarly exposed. Vercel has published the OAuth app's indicators of compromise and urged Google Workspace administrators to check their environments immediately.
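For Workspace administrators acting on the guidance above, this added example (not from Vercel or the original article) scans token audit records for one OAuth client ID and reports which users still hold a live grant. It assumes records shaped like the Admin SDK Reports API token activity output; the client ID is a placeholder and the sample records are constructed.

```python
# Placeholder: substitute the client ID from Vercel's published indicators of compromise.
IOC_CLIENT_ID = "<oauth-client-id-from-vercel-ioc>"

def _item(time, email, name, client_id, scopes=()):
    """Build one constructed record in the Reports API token-audit shape."""
    params = [{"name": "client_id", "value": client_id}]
    if scopes:
        params.append({"name": "scope", "multiValue": list(scopes)})
    return {"id": {"time": time}, "actor": {"email": email},
            "events": [{"name": name, "parameters": params}]}

# Constructed sample data (not real logs), deliberately out of time order.
SAMPLE_ITEMS = [
    _item("2026-04-01T10:00:00Z", "bob@example.com", "revoke", IOC_CLIENT_ID),
    _item("2026-03-02T09:14:00Z", "alice@example.com", "authorize", IOC_CLIENT_ID,
          ["https://www.googleapis.com/auth/drive.readonly"]),
    _item("2026-03-05T16:40:00Z", "bob@example.com", "authorize", IOC_CLIENT_ID,
          ["https://www.googleapis.com/auth/gmail.readonly"]),
    _item("2026-03-09T11:02:00Z", "carol@example.com", "authorize",
          "unrelated-client.apps.googleusercontent.com", ["openid"]),
]

def _params(event):
    """Flatten a parameter list into {name: value or multiValue}."""
    return {p["name"]: p.get("multiValue", p.get("value"))
            for p in event.get("parameters", [])}

def find_grants(items, client_id):
    """Map each user who touched client_id to grant state, scopes and last event
    time. Items are replayed in order of their RFC 3339 UTC time strings."""
    grants = {}
    for item in sorted(items, key=lambda i: i["id"]["time"]):
        for event in item.get("events", []):
            p = _params(event)
            if p.get("client_id") != client_id:
                continue
            g = grants.setdefault(item["actor"]["email"],
                                  {"active": False, "scopes": set(), "last_seen": ""})
            g["last_seen"] = item["id"]["time"]
            if event["name"] == "authorize":
                g["active"] = True
                g["scopes"].update(p.get("scope") or [])
            elif event["name"] == "revoke":
                g["active"] = False
    return grants

if __name__ == "__main__":
    for user, g in find_grants(SAMPLE_ITEMS, IOC_CLIENT_ID).items():
        state = "ACTIVE: revoke and review" if g["active"] else "revoked"
        print(f"{user}: {state}; scopes={sorted(g['scopes'])}; last={g['last_seen']}")
```

The audit log only covers its retention window, so a grant authorised before that window will not appear in this output; each user's current list of connected apps remains the authoritative check.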
Published April 20, 2026 at 8:23pm