Vercel Breach Originated from Context AI OAuth Compromise — Customer Credentials Stolen
TechCrunch·medium signal
Vercel confirmed a security incident traced to a breach at Context AI. A Vercel employee downloaded a Context AI app and connected it to their corporate Google account via OAuth; attackers used that connection to access Vercel internal systems and unencrypted credentials. Customer data was stolen. The attack chain highlights the growing risk of OAuth-based supply chain compromises in AI tooling ecosystems.