Vercel has disclosed that it has identified additional customer accounts that were compromised in the security incident that gave an attacker unauthorized access to its internal systems. The disclosure follows an expanded investigation that widened the set of indicators of compromise being searched for and added analysis of network requests and of logs recording environment variable access.

The company also reported finding a small number of accounts showing signs of earlier, unrelated compromise, which it attributes to social engineering, malware or similar methods rather than to this breach. Vercel said it has notified the affected customers but has not disclosed how many there are.

The incident traces back to Context.ai, a tool used by a Vercel employee. Compromise of that tool gave the attackers access to the employee's Google Workspace account, which they then used to get into Vercel's systems. From there the attackers moved through Vercel's environment and were able to enumerate and decrypt environment variables that Vercel describes as non-sensitive.

Subsequent investigation by Hudson Rock suggests a Context.ai employee was infected earlier this year with a variant of the Lumma Stealer infostealer after searching for potentially malicious scripts, and that this infection was the pivot point for the chain of attacks that followed. Vercel's CEO, Guillermo Rauch, said the incident illustrates a broader problem: the threat actor did not stop at the initial compromise of Context.ai, and the case shows how widely distributed infostealer malware is being used to harvest credentials and other sensitive data from compromised systems.

It remains unclear whether Vercel employees' use of the Context AI Office Suite was formally sanctioned or whether it falls under shadow AI, where unauthorized AI applications are used without oversight from IT, exposing the organization to additional risk. Context.ai has since deprecated the AI Office Suite.

Experts have pointed to the risk inherent in OAuth integrations: they lower the barrier for users to connect third-party tools, but each grant inherits the trust of both the individual and the organization, and a vendor compromise hands that inherited access to the attacker. Because the resulting activity looks like a legitimate authorized application, it can bypass standard controls and is harder to detect. Vercel stressed that the incident is less about the volume of data exposed than about how quickly the attackers operated, which underlines a shift in emphasis for security teams from prevention alone toward rapid detection, response and containment.
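The two preceding points, unsanctioned AI tools connected to Workspace and the broad access an OAuth grant confers, are exactly what a Workspace admin can triage from the tenant's token audit log. The script below is an added example written for this page, not code from Vercel, Google or Context.ai: it walks a list of OAuth "authorize" events, flags grants to apps that are not on an IT allowlist and grants whose scopes allow reading mail or Drive, and counts how many users consented to each flagged app. The record shape is modelled on the Google Admin SDK Reports API "token" activity (an `authorize` event carrying `client_id`, `app_name` and `scope` parameters), but the field names, the client IDs, the app names and the allowlist are all assumptions for illustration, and the sample records are constructed rather than real audit data.

```python
"""Triage third-party OAuth grants from Workspace token audit events.

Added example, not vendor code. Record shape is modelled on the Admin
SDK Reports API "token" activity; field names, client IDs, app names
and the allowlist are assumptions, and the sample records below are
constructed.
"""
from dataclasses import dataclass

# Scopes that let a third-party app read mail, files or the directory:
# if the app's vendor is compromised, the attacker inherits this access.
HIGH_RISK_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/drive",
    "https://www.googleapis.com/auth/drive.readonly",
    "https://www.googleapis.com/auth/admin.directory.user",
}

# Hypothetical allowlist of OAuth client IDs that IT has sanctioned.
SANCTIONED_CLIENT_IDS = {"111111-sanctioned-crm.apps.googleusercontent.com"}


@dataclass(frozen=True)
class Finding:
    user: str
    app_name: str
    client_id: str
    risky_scopes: tuple
    sanctioned: bool
    severity: str


def _parameters(event):
    """Flatten a Reports-API style parameter list into a dict.
    Multi-valued parameters such as scope come back as lists."""
    out = {}
    for p in event.get("parameters", []):
        out[p["name"]] = p["multiValue"] if "multiValue" in p else p.get("value")
    return out


def triage_oauth_grants(activities, sanctioned=SANCTIONED_CLIENT_IDS,
                        risky_scopes=HIGH_RISK_SCOPES):
    """Return one Finding per grant that needs review.

    high   = unsanctioned app AND high-risk scopes (shadow tool with mail/Drive access)
    medium = unsanctioned app with narrow scopes (shadow tool, limited blast radius)
    low    = sanctioned app that nevertheless holds high-risk scopes (review the grant)
    Sanctioned apps with narrow scopes are not reported.
    """
    findings = []
    for act in activities:
        user = act.get("actor", {}).get("email", "unknown")
        for ev in act.get("events", []):
            if ev.get("name") != "authorize":
                continue
            params = _parameters(ev)
            client_id = params.get("client_id", "")
            scopes = set(params.get("scope") or [])
            risky = tuple(sorted(scopes & risky_scopes))
            is_sanctioned = client_id in sanctioned
            if is_sanctioned and not risky:
                continue
            if not is_sanctioned and risky:
                severity = "high"
            elif not is_sanctioned:
                severity = "medium"
            else:
                severity = "low"
            findings.append(Finding(user, params.get("app_name", "?"), client_id,
                                    risky, is_sanctioned, severity))
    return findings


def users_per_client(findings):
    """Distinct users per flagged client ID. One unsanctioned app consented
    to by many users is a tenant-wide revocation candidate, not one
    person's mistake."""
    per_client = {}
    for f in findings:
        per_client.setdefault(f.client_id, set()).add(f.user)
    return {cid: len(users) for cid, users in per_client.items()}


def _grant(user, client_id, app_name, scopes):
    """Build one constructed authorize event in the assumed record shape."""
    return {"actor": {"email": user},
            "events": [{"name": "authorize", "parameters": [
                {"name": "client_id", "value": client_id},
                {"name": "app_name", "value": app_name},
                {"name": "scope", "multiValue": scopes}]}]}


# Constructed sample data, not real audit records.
SAMPLE_ACTIVITIES = [
    _grant("alice@example.com", "111111-sanctioned-crm.apps.googleusercontent.com",
           "Sanctioned CRM", ["https://www.googleapis.com/auth/userinfo.email"]),
    _grant("bob@example.com", "222222-ai-office.apps.googleusercontent.com",
           "Example AI Office Suite", ["https://www.googleapis.com/auth/gmail.readonly",
                                       "https://www.googleapis.com/auth/drive.readonly"]),
    _grant("carol@example.com", "222222-ai-office.apps.googleusercontent.com",
           "Example AI Office Suite", ["https://www.googleapis.com/auth/drive.readonly"]),
    _grant("dave@example.com", "333333-notes.apps.googleusercontent.com",
           "Example Notes App", ["https://www.googleapis.com/auth/userinfo.profile"]),
]

if __name__ == "__main__":
    found = triage_oauth_grants(SAMPLE_ACTIVITIES)
    for f in found:
        print(f.severity.upper(), f.user, f.app_name, f.risky_scopes)
    print(users_per_client(found))
```

In a real tenant the input would come from the Reports API or an exported audit log, and the output of `users_per_client` is the list to take to a revocation decision; the point of the severity split is that an unsanctioned app with narrow scopes is a policy problem, while one holding mail or Drive scopes is the path this breach took.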
