The CEO of Vercel stated that a recent security incident was carried out by a “highly sophisticated” hacking group, possibly leveraging artificial intelligence, which compromised internal systems and led to the exposure of some customer credentials.
“We believe the attacking group is highly sophisticated, and I strongly suspect that AI has greatly accelerated their attacks,” said CEO Guillermo Rauch on Twitter, adding that the attackers “moved at an astonishing pace and had deep knowledge of Vercel.”
The company, a cloud platform for developers, said on Sunday that it discovered unauthorized access to some of its internal systems and is actively investigating. The incident affected some customers whose credentials were compromised, and the company advises customers to rotate their credentials immediately.
The security incident originated from the compromise of a third-party AI tool, Context.ai, that was used by a Vercel employee. Attackers exploited this tool to take over the employee’s Google Workspace account and gained access to certain Vercel environments and non-sensitive environment variables.
This disclosure highlights growing concerns about security risks posed by third-party integrations and AI tools, as attackers increasingly exploit supply chain vulnerabilities to infiltrate organizations.
Vercel and cryptocurrency
Natalie Newson, a senior blockchain security researcher at CertiK, told Decrypt that this incident has particularly drawn the attention of cryptocurrency developers. "Since many cryptocurrency frontends use Vercel to host their user interfaces, once compromised, attackers could embed malicious code designed to steal wallet funds. Users interacting with what appears to be a trusted page would not expect any malicious activity," she said, adding, "Vulnerabilities in the cryptocurrency space can lead to ... significant financial losses."
Even when the smart contract remains secure, frontend breaches still pose a risk. “Frontend breaches are particularly harmful to end users,” she noted. In April, Niu Exchange experienced an incident in which $316,000 was stolen from users’ wallets.
She said the upward trend in AI agents has led many users to release the latest applications and extensions to improve productivity, while malicious actors are also exploiting this trend. She stated, "Enterprises should exercise extra caution when using new AI applications and extensions, and review their internal security models to ensure that, even in the event of a security breach, the impact is minimized."
Rauch stated that the attack was carried out through “a series of methods,” beginning with compromised employee accounts, followed by gradual escalation to gain broader access to internal environments. Although Vercel encrypts customer environment variables at rest, the company allows certain variables to be marked as non-sensitive, and the attackers were able to access those.
The company believes the number of affected customers is limited and states that it has prioritized contacting customers who may have been impacted. Vercel has since deployed additional monitoring and protection measures and reviewed its supply chain to ensure the security of projects such as Next.js and Turbopack.
Nillion CEO John Woods told Decrypt that this "limited subset" typically means the affected customer base observed so far appears limited, but this does not necessarily rule out broader internal spread or wider downstream risks. Woods said, "In modern cloud platforms, the scope of impact depends not only on how many customers are initially apparent but also on how far the compromised systems can reach in the background."
He recommended that businesses follow a series of best practices to avoid such situations: “Strengthen OAuth authorization security, adopt the principle of least privilege, enforce strict controls on sensitive environment variables, separate frontend deployment from key or signing permissions, and closely monitor deployments and logs.”
“For anyone whose credentials may have been compromised, the priority is to revoke access, rotate credentials, and review every system those credentials could have accessed,” he added, noting that “on a higher level, the lesson is to avoid architectures where a single breach could have widespread impact.”
It is currently unclear who orchestrated the attack. A user from a hacker group called “ShinyHunters” claimed on a forum to have breached Vercel and is selling access to the company’s data, including source code, API keys, and internal systems.
The actor (who may also be impersonating ShinyHunters) claimed to have discussed a $2 million ransom demand with the company. Vercel has not yet commented.





