
Vercel said Wednesday that it has identified a set of additional customer accounts that were compromised as part of a security incident that allowed unauthorized access to its internal systems.
The company said it made the discovery after widening its investigation to cover an additional set of indicators of compromise, and after examining requests to the Vercel network and environment variable read events in its logs.
“Second, we discovered a small number of customer accounts unrelated to this incident and with evidence of prior compromise as a result of social engineering, malware, or other techniques,” the company said in an update.
In both cases, Barthel said, the company notified the affected parties. The exact number of customers affected was not disclosed.
The development comes after the company behind the Next.js framework acknowledged that the breach stemmed from a compromise of Context.ai, a tool a Vercel employee had used. That compromise allowed the attackers to take control of a Google Workspace account and use it to access Vercel accounts.
“From there, they were able to migrate to the Vercel environment and then manipulate the system to enumerate and decrypt non-sensitive environment variables,” Vercel said.
Further investigation by Hudson Rock revealed that one of Context.ai's employees was infected with Lumma Stealer in February 2026 after searching for Roblox automated farm scripts and game exploit executors. This suggests that the infection may have been the “Patient Zero” that set off the entire chain of malicious activity.
“We understand that threat actors are now operating beyond their startups,” [referring to Context.ai] Vercel CEO Guillermo Rauch said in an
It is unclear whether Vercel employees’ use of the Context AI Office Suite was authorized or an example of shadow AI. Shadow AI refers to the use of artificial intelligence (AI) tools within SaaS apps without formal IT review or vetting, exposing organizations to unanticipated risks. AI Office Suite has since been deprecated by Context.ai.
“OAuth integration is useful because it reduces friction,” Tanium says. “These are also dangerous because they can inherit trust from users and organizations. If an attacker exploits an authorized integration, they could bypass some of the controls your team relies on to directly compromise your account.”
“What stands out operationally is not the amount of data exposed, but the attacker’s speed and ability to enumerate the internal environment before being detected. This changes the defender’s job. The challenge shifts from defense to rapid scoping and reducing the blast radius.”
