# Vercel Confirms Breach After OAuth Grant via Compromised AI Vendor

_Tuesday, April 21, 2026 at 8:08 PM EDT · Cybersecurity · Latest · Tier 1 — Major_

![Vercel Confirms Breach After OAuth Grant via Compromised AI Vendor — Primary](https://images.ctfassets.net/jdtwqhzvc2n1/6wgHVXn6N3biFNjGQrW3dM/05683cce2c54c5658a779c71e09887df/Vercel_breach.png?w=800&q=75)

Vercel, the cloud platform behind Next.js, confirmed on Sunday that attackers gained unauthorized access to internal systems through an OAuth grant tied to a compromised AI vendor.

The entry point was Context.ai, an AI tool a Vercel employee had installed and signed into with a corporate Google Workspace account, approving an OAuth grant that gave Context.ai delegated access to that account. When Context.ai was breached, the attacker used that grant to act as the employee in Workspace and pivoted from there into Vercel environments.

Vercel CEO Guillermo Rauch described the attacker as "highly sophisticated and, I strongly suspect, significantly accelerated by AI." The company brought in Mandiant, notified law enforcement, and collaborated with GitHub, Microsoft, npm, and Socket to verify that no Vercel npm packages were compromised.

OX Security's analysis found that the attacker escalated privileges by sifting through environment variables that had not been marked "sensitive." Vercel's bulletin states that variables marked sensitive are stored so that they cannot be read back, while variables without that designation were readable in plaintext through the dashboard and the API by any identity with access to the project.
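The distinction above is the one a practitioner wants to check in their own projects: which variables would an attacker riding a stolen OAuth grant be able to read back, and how many of them are actually credentials? The script below is an added example written for this article, not Vercel's code. It assumes the listing has the shape of Vercel's project environment-variable endpoint as publicly documented (an `envs` array whose items carry `key`, `type`, `target` and, for readable variables, `value`), with `type` equal to `"sensitive"` for write-only variables and `"encrypted"` or `"plain"` for ones the dashboard and API return in plaintext; treat those field names and values as assumptions to verify against a live response. The sample payload is constructed and contains no real credentials.

```python
"""Audit a Vercel-style environment-variable listing for readable secrets.

Added example for this article, not Vercel's own code. Field names follow
the publicly documented project env listing as I understand it and are an
assumption to verify against a live response. SAMPLE_LISTING is constructed.
"""
import json
import re
from typing import Dict, List

# Variable names that usually hold a credential (heuristic; extend per org).
SECRET_NAME = re.compile(
    r"SECRET|TOKEN|PASSWORD|PASSWD|PRIVATE_KEY|API_KEY|ACCESS_KEY|CREDENTIAL|DSN",
    re.IGNORECASE,
)

# Value prefixes of well-known credential formats (heuristic; extend per org).
SECRET_VALUE = re.compile(
    r"^(sk_(live|test)_|ghp_|gho_|github_pat_|xox[abprs]-|AKIA[0-9A-Z]{16}"
    r"|ya29\.|postgres(ql)?://|mysql://|mongodb(\+srv)?://|redis://)"
)

# Types the API hands back in plaintext to any caller with project access.
READABLE_TYPES = {"plain", "encrypted"}

# Constructed sample listing in the assumed shape; no real credentials.
SAMPLE_LISTING = json.dumps({
    "envs": [
        {"id": "env_1", "key": "NEXT_PUBLIC_API_BASE", "type": "plain",
         "value": "https://api.example.test", "target": ["production", "preview"]},
        {"id": "env_2", "key": "DATABASE_URL", "type": "encrypted",
         "value": "postgres://app:hunter2@db.internal:5432/app", "target": ["production"]},
        {"id": "env_3", "key": "STRIPE_SECRET_KEY", "type": "sensitive",
         "target": ["production"]},
        {"id": "env_4", "key": "GITHUB_RELEASE_TOKEN", "type": "encrypted",
         "value": "ghp_exampleexampleexampleexampleexample1234", "target": ["production"]},
        {"id": "env_5", "key": "FEATURE_FLAGS", "type": "plain",
         "value": "beta_checkout", "target": ["preview"]},
        {"id": "env_6", "key": "LEGACY_UPLOAD_CREDS", "type": "encrypted",
         "value": "AKIAEXAMPLEEXAMPLE12", "target": ["production"]},
    ]
})


def classify(env: Dict) -> List[str]:
    """Return the reasons a variable looks like a secret, empty if none."""
    reasons = []
    if SECRET_NAME.search(env.get("key", "")):
        reasons.append("name matches credential pattern")
    if SECRET_VALUE.match(env.get("value") or ""):
        reasons.append("value matches known credential format")
    return reasons


def audit_env_listing(payload: str) -> List[Dict]:
    """Flag variables the API would return in plaintext that look like secrets.

    Variables of type "sensitive" are skipped: they cannot be read back, which
    is the protection the bulletin describes. Everything else is readable by
    any identity with project access, including an attacker holding a
    compromised OAuth grant, so secret-looking ones are findings.
    """
    findings = []
    for env in json.loads(payload).get("envs", []):
        if env.get("type") not in READABLE_TYPES:
            continue
        reasons = classify(env)
        if reasons:
            findings.append({
                "key": env.get("key", ""),
                "type": env["type"],
                "target": env.get("target", []),
                "reasons": reasons,
            })
    return findings


def rotation_plan(findings: List[Dict]) -> List[str]:
    """Keys to rotate: anything flagged was readable, so assume it is exposed."""
    return sorted(f["key"] for f in findings)


if __name__ == "__main__":
    found = audit_env_listing(SAMPLE_LISTING)
    for f in found:
        print(f"{f['key']:<24} {f['type']:<10} {', '.join(f['reasons'])}")
    print("rotate:", rotation_plan(found))
```

Two points the output makes that the paragraph does not: `encrypted` is not `sensitive` (it protects the value at rest, not against a caller who can list the project), and name-based heuristics miss variables like `DATABASE_URL` or `LEGACY_UPLOAD_CREDS`, so matching on value format is worth the extra lines. A default of "sensitive" on creation only covers new variables; anything this audit flags has already been readable and should be rotated, not just re-marked.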

Jaime Blasco, CTO of Nudge Security, independently surfaced a second OAuth grant tied to Context.ai's Google Workspace integration. Vercel said it now defaults newly created environment variables to "sensitive" and has revoked all active Context.ai OAuth tokens.

The incident points to a broader weakness in how companies manage OAuth grants to third-party applications: a grant approved by a single employee gives the vendor, and anyone who compromises the vendor, standing access to corporate data. Nudge Security research indicates the average enterprise has more than 300 SaaS apps with OAuth integrations, many of which receive limited security review.
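The two operational questions that follow from this are which grants carry data scopes rather than a plain sign-in, and which grants to revoke once a vendor is known to be compromised. The script below is an added example, not code from Vercel, Nudge Security or Google. It assumes records in the shape the Google Admin SDK Directory API returns from `tokens.list` (fields `userKey`, `clientId`, `displayText`, `scopes`, `nativeApp`); verify those names against the live API before relying on them. The tenant data is constructed: the app name, client ID, users and scopes are made up and say nothing about what Context.ai was actually granted.

```python
"""Inventory third-party OAuth grants in a Google Workspace tenant and pick
the ones to revoke.

Added example, not Vercel's, Nudge Security's or Google's code. Record
shape follows Admin SDK Directory API tokens.list as I understand it
(an assumption to verify). SAMPLE_TOKENS is constructed; the app, client
ID, users and scopes are invented.
"""
from typing import Dict, List, Tuple

# Scope prefixes that expose mailbox, file, directory or cloud contents.
# A grant carrying any of these hands the app the user's data, not just a login.
HIGH_RISK_SCOPES = (
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.",
    "https://www.googleapis.com/auth/drive",
    "https://www.googleapis.com/auth/admin.directory.",
    "https://www.googleapis.com/auth/cloud-platform",
)

# Constructed tokens.list output for three users (no real tenant).
SAMPLE_TOKENS = [
    {"userKey": "alice@example.test",
     "clientId": "111111111111-acme.apps.googleusercontent.com",
     "displayText": "Acme AI Assistant", "nativeApp": False,
     "scopes": ["openid", "email", "profile",
                "https://www.googleapis.com/auth/drive.readonly",
                "https://mail.google.com/"]},
    {"userKey": "bob@example.test",
     "clientId": "111111111111-acme.apps.googleusercontent.com",
     "displayText": "Acme AI Assistant", "nativeApp": False,
     "scopes": ["openid", "email", "profile"]},
    {"userKey": "bob@example.test",
     "clientId": "222222222222-cal.apps.googleusercontent.com",
     "displayText": "Team Calendar Sync", "nativeApp": False,
     "scopes": ["openid", "email",
                "https://www.googleapis.com/auth/calendar.readonly"]},
    {"userKey": "carol@example.test",
     "clientId": "111111111111-acme.apps.googleusercontent.com",
     "displayText": "Acme AI Assistant", "nativeApp": False,
     "scopes": ["openid", "email", "profile",
                "https://www.googleapis.com/auth/drive"]},
]


def high_risk_scopes(scopes: List[str]) -> List[str]:
    """Subset of the granted scopes that expose user data."""
    return [s for s in scopes if any(s.startswith(p) for p in HIGH_RISK_SCOPES)]


def data_access_grants(tokens: List[Dict]) -> List[Dict]:
    """Grants that are more than a login because they carry a data scope.

    These let a compromised vendor act on the user's mailbox, Drive or
    directory, which is the class of access the article describes the
    attacker inheriting. Sorted by user, then client, for stable review.
    """
    out = []
    for t in tokens:
        risky = high_risk_scopes(t.get("scopes", []))
        if risky:
            out.append({"userKey": t["userKey"], "clientId": t["clientId"],
                        "displayText": t.get("displayText", ""), "scopes": risky})
    return sorted(out, key=lambda g: (g["userKey"], g["clientId"]))


def revocations_for_client(tokens: List[Dict], client_id: str) -> List[Tuple[str, str]]:
    """(userKey, clientId) pairs to revoke once a vendor is known compromised.

    Every grant to the client goes, login-only ones included: whatever
    refresh tokens the vendor held are in the attacker's hands regardless
    of scope, and scope can be widened on the next consent prompt.
    """
    return sorted({(t["userKey"], t["clientId"]) for t in tokens
                   if t["clientId"] == client_id})


if __name__ == "__main__":
    for g in data_access_grants(SAMPLE_TOKENS):
        print(g["userKey"], g["displayText"], g["scopes"])
    acme = "111111111111-acme.apps.googleusercontent.com"
    print("revoke:", revocations_for_client(SAMPLE_TOKENS, acme))
```

Against a real tenant, the records come from calling `tokens.list(userKey=...)` for each user, and each `(userKey, clientId)` pair from `revocations_for_client` maps to one `tokens.delete(userKey=..., clientId=...)` call; that per-user loop is what a bulk revocation of a single vendor's grants, of the kind Vercel describes for Context.ai, amounts to in Workspace. The output also shows why a grant inventory has to look at scopes and not just app names: two of the three users of the same app granted it mailbox or Drive access, while the third granted only a sign-in.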

## Sources

- [VentureBeat](https://venturebeat.com/security/vercel-breach-exposes-the-oauth-gap-most-security-teams-cannot-detect-scope-or-contain)

---
Canonical: https://techandbusiness.org/newswire/AEZb6aPEfH1He0gKA585xt
Retrieved: 2026-04-22T03:25:42.114Z
Publisher: Tech & Business (techandbusiness.org)
