Vercel confirms data breach linked to third-party AI tool: All you need to know
The Vercel data breach points to an emerging trend of hackers targeting third-party AI tools to carry out supply chain attacks.

By: Tech Desk | New Delhi | Updated: Apr 20, 2026 02:43 PM IST

Image caption: Prior to Vercel’s disclosure, prominent hacker group ‘ShinyHunters’ claimed responsibility for the breach. (Image: Unsplash)

Vercel, a platform that offers hosting and deployment infrastructure for front-end developers, has confirmed a security incident in which hackers breached its systems and stole data. Only a small number of customers were affected by the breach, which was allegedly caused by attackers exploiting a third-party AI tool called Context AI to gain unauthorised access to certain internal Vercel systems, the company said in a security bulletin published on Sunday, April 19.
Services have not been impacted, Vercel said, adding that it is currently working with affected customers. “We are actively investigating, and we have engaged incident response experts to help investigate and remediate. We have notified law enforcement and will update this page as the investigation progresses,” the disclosure read.

The cloud development platform is known for developing and maintaining Next.js, a widely used open-source framework built on top of the React library. Vercel monetizes its open-source efforts by offering a hosted serverless platform for front-end applications along with edge computing services and CI/CD pipelines that enable developers to build, preview, and deploy these applications.

The Vercel breach points to an emerging trend of hackers targeting AI tools to carry out supply chain attacks. In recent weeks, major open-source AI projects such as Axios, LiteLLM, and Trivy have been compromised, in turn affecting companies whose developers rely on them.

It also comes at a time when AI models themselves are becoming more capable in ways that can be exploited by hackers. Earlier this month, Anthropic said it has built a new AI model called Claude Mythos that has not been released by the AI startup as the model is said to pose dangerous cybersecurity risks.

“We believe the attacking group to be highly sophisticated and, I strongly suspect, significantly accelerated by AI. They moved with surprising velocity and in-depth understanding of Vercel,” Guillermo Rauch, the CEO of Vercel, said in a post on X.

“All of our focus right now is on investigation, communication to customers, enhancement of security measures, and sanitisation of our environments. We’ve deployed extensive protection measures and monitoring. We’ve analyzed our supply chain, ensuring Next.js, Turbopack, and our many open source projects remain safe for our community,” Rauch added.
According to CEO Rauch, hackers were able to obtain initial access after a Vercel employee’s Google Workspace account was compromised via a breach at the AI platform Context.ai. The attacker then went on to compromise Vercel environments, where they were able to access environment variables that were not marked as sensitive and therefore not encrypted at rest.

“Vercel stores all customer environment variables fully encrypted at rest. We have numerous defense-in-depth mechanisms to protect core systems and customer data. We do have a capability however to designate environment variables as ‘non-sensitive’. Unfortunately, the attacker got further access through their enumeration,” Rauch said.

In response to the incident, Vercel said it has rolled out updates to its dashboard, including an overview page of environment variables and an improved interface for managing sensitive environment variables. The company has further advised customers to review environment variables for sensitive information and enable the sensitive variable feature to ensure they are encrypted at rest.

Prior to Vercel’s disclosure, prominent hacker group ‘ShinyHunters’ claimed responsibility for the breach and attempted to sell the stolen data, as per a report by Bleeping Computer. Posting on an unnamed hacking forum, ShinyHunters said they were selling access keys, source code, and database data that were allegedly stolen from Vercel, along with access to internal deployments and API keys.

“This is just from Linear as proof, but the access I’m about to give you includes multiple employee accounts with access to several internal deployments, API keys (including some NPM tokens and some GitHub tokens),” the forum post reportedly read.

The attackers further shared a text file containing Vercel employee information, which consists of 580 data records containing names, Vercel email addresses, account status, and activity timestamps.
They also shared a screenshot of what appeared to be an internal Vercel Enterprise dashboard, and claimed to be in discussion with the company over an alleged ransom demand of $2 million. To be sure, it is not confirmed whether ShinyHunters was behind the Vercel attack.
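
For the review Vercel advises above (checking environment variables for sensitive information and marking them sensitive), the following is an added example, not code from Vercel or from the original article. It audits an exported inventory of variables and reports those that look like secrets but are not flagged sensitive; the `{ key, value, sensitive }` record shape, the rule list and the 4.5-bit entropy threshold are assumptions chosen for illustration.

```javascript
// Added example (not Vercel's code): flag secret-looking env vars that are
// not marked sensitive. The { key, value, sensitive } record shape is assumed.
const NAME_HINT = /(SECRET|TOKEN|PASSWORD|PASSWD|PRIVATE|CREDENTIAL|API_?KEY|AUTH)/i;

// Well-known credential formats, matched on the value itself.
const VALUE_RULES = [
  ["github-token", /^gh[pousr]_[A-Za-z0-9]{36,}$/],
  ["npm-token", /^npm_[A-Za-z0-9]{36}$/],
  ["aws-access-key-id", /^(AKIA|ASIA)[A-Z0-9]{16}$/],
  ["pem-private-key", /-----BEGIN [A-Z ]*PRIVATE KEY-----/],
  ["url-with-password", /^[a-z][a-z0-9+.-]*:\/\/[^\/\s:@]+:[^\/\s@]+@/i],
];

// Shannon entropy in bits per character; random tokens score high.
function entropy(s) {
  const counts = {};
  for (const ch of s) counts[ch] = (counts[ch] || 0) + 1;
  return Object.values(counts).reduce((h, n) => {
    const p = n / s.length;
    return h - p * Math.log2(p);
  }, 0);
}

// Returns [{ key, reasons }] for every non-sensitive variable that trips a rule.
function auditEnvVars(vars) {
  const findings = [];
  for (const { key, value, sensitive } of vars) {
    if (sensitive) continue; // already stored as a sensitive variable
    const reasons = [];
    if (NAME_HINT.test(key)) reasons.push("name");
    for (const [label, re] of VALUE_RULES) if (re.test(value)) reasons.push(label);
    const random = value.length >= 24 && !/\s/.test(value) && entropy(value) >= 4.5;
    if (random) reasons.push("high-entropy");
    // Never echo the value: report only the key and why it was flagged.
    if (reasons.length) findings.push({ key, reasons });
  }
  return findings;
}

// Constructed sample inventory; every value here is fake.
const SAMPLE = [
  { key: "NODE_ENV", value: "production", sensitive: false },
  { key: "DATABASE_URL", value: "postgres://app:hunter2@db.example.internal:5432/app", sensitive: false },
  { key: "NPM_TOKEN", value: "npm_" + "a1B2".repeat(9), sensitive: false },
  { key: "STRIPE_SECRET_KEY", value: "placeholder", sensitive: true },
  { key: "BUILD_ID", value: "9fK2xQ7mLp0Zr4Tn8Vb1Yc6Wd3Hs5Jg", sensitive: false },
];

console.log(JSON.stringify(auditEnvVars(SAMPLE)));
```

A flagged variable that does hold a credential should be rotated as well as re-marked, since changing the flag does not undo any earlier exposure of the value.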





