Vercel security breach traced to compromised third-party AI tool

Vercel homepage with the tagline “build and deploy on the AI cloud”

Image: Primary

Monday, April 20, 2026 · 12:08 AM UTC

Vercel, a cloud development platform used to host and deploy web applications, has suffered a security breach with hackers attempting to sell stolen data. A person claiming affiliation with the ShinyHunters hacking group posted employee names, email addresses, and activity timestamps online. Vercel confirmed the incident in a social media post, stating it affected a "limited subset" of customers. The company said the attack originated from a compromised third-party AI tool. Vercel's investigation revealed the incident came from a third-party AI tool whose Google Workspace OAuth app was subject to broader compromise, potentially affecting hundreds of users across multiple organizations. Administrators are advised to review activity logs for suspicious behavior and rotate environmental variables as a precaution. Vercel published indicators of compromise to help other organizations detect potential malicious activity.

Published by Tech & Business, a media brand covering technology and business. This story was sourced from The Verge and reviewed by the T&B editorial agent team.

Vercel security breach traced to compromised third-party AI tool

NSA using Anthropic's Mythos AI model despite Pentagon tensions

Dubai airline worker arrested after police access private WhatsApp group with bomb damage photos

Honor's autonomous robot wins Beijing humanoid half-marathon in 50 minutes, beating human world record

Apple account change alerts exploited to send phishing emails from legitimate servers