In April 2026, Vercel, the company that maintains Next.js and whose platform is widely used for AI apps and Web3 frontends, was the victim of a supply chain attack. The attacker gained access to the organization’s environment and exposed internal data and customer data that had been marked “non-sensitive.”
Inside the Attack
The Vercel breach stemmed from a supply chain attack on Context.ai, an AI productivity tool. An attacker compromised Context.ai’s environment and stole credentials from it. Context.ai had identified and terminated unauthorized access to its AWS environment in March, and its Chrome extension was removed from the Chrome Web Store on March 27th because of an embedded OAuth grant for access to users’ Google Drive files.
A Vercel employee had signed up for the app with their employee credentials and granted it “Allow All” permissions. Using those credentials, the attacker could access the employee’s Google Workspace account through a valid OAuth token issued to Context.ai. From there, the attacker pivoted via single sign-on to other corporate systems, including issue trackers, internal environments, and admin tools.
While the majority of Vercel’s customer data was protected by encryption, information that had not been marked as sensitive was not. Environment variables that some customers had left marked as non-sensitive contained API keys for various third-party services, and the attacker obtained them. Affected services included AWS, Azure, GCP, GitHub, Stripe, Twilio, SendGrid, and similar providers.
The group behind the attack offered Vercel data for sale on the Dark Web for $2 million. While the group claimed to be a part of ShinyHunters, known members of the group denied this.
Lessons Learned from the Attack
The Vercel breach is the latest in a string of attacks that use the software supply chain to gain access to major organizations. Some of those attacks targeted open source code (such as npm packages), while this one used a breached AI productivity tool as the entry point into Vercel’s environment. Because the tool was connected to the corporate SSO and had been granted far-reaching permissions, the attacker could reach other corporate software and systems from it.
Companies that believe they were impacted by the breach should revoke and rotate any API keys the attacker might have obtained. Additionally, organizations should review both authorized and unauthorized tool usage to identify third-party apps and software that could pose a supply chain risk to the business.
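The two points above (API keys sitting in environment variables that were never marked sensitive, and the need to rotate whatever the attacker could read) lend themselves to a concrete triage step. The following is an added example, not code from the article or from Vercel: it takes an exported list of a project’s environment variables, treats every variable whose value was readable (not marked sensitive) as exposed, flags the ones that look like credentials, and groups them by provider into a rotation list. The `EnvVar` shape, the key-name heuristics, and the provider value formats are assumptions made for the example; the sample records are constructed and every value is a placeholder.

```python
"""Post-exposure triage of project environment variables (added example)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class EnvVar:
    key: str
    value: Optional[str]   # None when the platform withholds it (marked sensitive)
    sensitive: bool        # assumed platform flag: value is write-only after creation
    target: str = "production"


# Heuristics (assumed, not from the article): names that usually hold credentials.
NAME_HINT = re.compile(r"KEY|SECRET|TOKEN|PASS(WORD|WD)?|CREDENTIAL|PRIVATE", re.I)
# Connection strings carrying an embedded username:password.
URL_WITH_CREDS = re.compile(r"^[a-z][a-z0-9+.\-]*://[^/:@\s]+:[^@\s]+@")
# Publicly documented value formats of a few providers, used to infer the vendor.
VALUE_SHAPES = {
    "aws": re.compile(r"^AKIA[0-9A-Z]{16}$"),
    "github": re.compile(r"^gh[pousr]_[A-Za-z0-9]{36,}$"),
    "stripe": re.compile(r"^sk_(live|test)_[A-Za-z0-9]{16,}$"),
    "sendgrid": re.compile(r"^SG\.[A-Za-z0-9_\-]{16,}\.[A-Za-z0-9_\-]{16,}$"),
}
# Fallback: infer the vendor from a conventional key-name prefix.
KEY_PREFIX_PROVIDER = {
    "AWS_": "aws", "GITHUB_": "github", "GH_": "github", "STRIPE_": "stripe",
    "TWILIO_": "twilio", "SENDGRID_": "sendgrid", "AZURE_": "azure",
    "GCP_": "gcp", "GOOGLE_": "gcp",
}


@dataclass
class Finding:
    key: str
    target: str
    provider: str
    reasons: List[str] = field(default_factory=list)


def assess(var: EnvVar) -> Optional[Finding]:
    """Return a Finding when a readable (non-sensitive) variable looks like a credential."""
    if var.sensitive or var.value is None:
        return None  # value was never readable, so it is not in the exposed set
    reasons, provider = [], "unknown"
    if NAME_HINT.search(var.key):
        reasons.append("credential-like name")
    if URL_WITH_CREDS.match(var.value):
        reasons.append("embedded username:password in connection string")
    for name, shape in VALUE_SHAPES.items():
        if shape.match(var.value):
            reasons.append(f"value matches {name} key format")
            provider = name
    if not reasons:
        return None
    if provider == "unknown":
        for prefix, name in KEY_PREFIX_PROVIDER.items():
            if var.key.upper().startswith(prefix):
                provider = name
                break
    return Finding(var.key, var.target, provider, reasons)


def triage(variables: List[EnvVar]) -> Tuple[List[Finding], List[str]]:
    """Split variables into exposed credentials (rotate now) and sensitive-flagged ones."""
    exposed = [f for f in (assess(v) for v in variables) if f is not None]
    protected = [v.key for v in variables if v.sensitive]
    return exposed, protected


def rotation_plan(findings: List[Finding]) -> Dict[str, List[str]]:
    """Group exposed keys by provider so each vendor's rotation is handled once."""
    plan: Dict[str, List[str]] = {}
    for f in findings:
        plan.setdefault(f.provider, []).append(f.key)
    return {p: sorted(keys) for p, keys in sorted(plan.items())}


# Constructed sample records; every value is a placeholder, not a real credential.
SAMPLE = [
    EnvVar("STRIPE_SECRET_KEY", "sk_live_EXAMPLE0000000000", sensitive=False),
    EnvVar("DATABASE_URL", "postgres://app:ExamplePass@db.example.internal/app", sensitive=False),
    EnvVar("NEXT_PUBLIC_API_BASE", "https://api.example.com", sensitive=False),
    EnvVar("AWS_SECRET_ACCESS_KEY", None, sensitive=True),
    EnvVar("GITHUB_TOKEN", "ghp_" + "x" * 36, sensitive=False),
    EnvVar("BUILD_NUMBER", "1234", sensitive=False),
    EnvVar("AWS_ACCESS_KEY_ID", "AKIAEXAMPLE123456789", sensitive=False),
]

if __name__ == "__main__":
    exposed, protected = triage(SAMPLE)
    for f in exposed:
        print(f"ROTATE {f.key} ({f.provider}, {f.target}): {'; '.join(f.reasons)}")
    print("protected (value never readable):", protected)
    print("rotation plan by provider:", rotation_plan(exposed))
```

The design choice worth noting is the split between `exposed` and `protected`: anything the platform would have served back in plaintext is treated as compromised regardless of how innocuous its name looks, which is why `DATABASE_URL` lands in the rotation list on the strength of its value alone, while a variable the platform refused to read back stays out of it. The heuristics are deliberately loose; reviewing false positives is cheap, missing a live key is not.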
