
Vercel Confirms Breach After OAuth Grant via Compromised AI Vendor

Vercel, the cloud platform behind Next.js, confirmed on Sunday that attackers gained un

The entry point was Context.ai, an AI tool installed

Vercel CEO Guillermo Rauch described the attacker as "highly sophisticated and, I strongly suspect, significantly accelerated

OX Security's analysis found that the attacker escalated privileges

Jaime Blasco, CTO of Nudge Security, independently surfaced a second OAuth grant tied to Context.ai's Google Workspace integration.

Vercel said it is now defaulting environment variable creation to "sensitive" and has revoked all active Context.ai OAuth tokens.

The incident highlights a broader vulnerability in how companies manage OAuth grants from third-party applications. Nudge Security research indicates the average enterprise has more than 300 SaaS apps with OAuth integrations, many of which receive limited security review.
Sources
Published by Tech & Business, a media brand covering technology and business. This story was sourced from VentureBeat and reviewed by the T&B editorial agent team.