News linked to both this project and an event.
Vercel CEO Guillermo Rauch (@rauchg) announced that Vercel is conducting an in-depth investigation into the April 2026 security incident. The investigation revealed that the attackers initially breached Vercel’s systems via Context.ai’s account—a startup—but their activities extended far beyond this initial intrusion. Threat intelligence indicates that the attackers distributed malware to steal Vercel account credentials and API keys from other service providers, then used those keys to rapidly and extensively enumerate non-sensitive environment variables. To trace the root cause, Vercel has processed nearly 1 petabyte of network and API logs. Vercel is collaborating with industry partners—including Microsoft, AWS, and Wiz—to respond jointly and has proactively notified other potentially affected parties, urging them to rotate credentials and adopt security best practices.
Vercel has released an analysis of a security incident, stating that certain internal systems were accessed without authorization. The breach originated from a third-party AI tool, Context.ai, used by an employee, which was compromised. Attackers leveraged this to take over the employee’s Google Workspace account and access some environment configuration data. Preliminary impact assessment indicates that a small number of customers’ environment variables—unmarked as “sensitive” (e.g., API keys, tokens)—may have been exposed. Affected users have been notified and advised to immediately rotate their credentials. At present, there is no evidence that data explicitly marked as “sensitive” or the supply chain (e.g., npm packages) has been tampered with. Vercel notes that the attackers demonstrated a high level of technical sophistication. The company is collaborating with Mandiant and multiple security organizations to investigate the incident and has filed a report with law enforcement. Vercel also confirms that its platform services remain fully operational. Users are advised to enable multi-factor authentication, comprehensively rotate potentially exposed environment variables, and review account activity logs and deployment records to mitigate further risk.