Skip to main content

VercelVercel suffered data breach via compromised third-party AI tool, exposing employee records, API keys, and customer credentials

Between April 18-20, 2026, Vercel suffered a data breach originating from a compromise of Context.ai, a third-party AI productivity tool. A Context.ai employee downloaded malware (Lumma Stealer), leading to credential theft and OAuth token compromise that gave attackers access to Vercel internal systems. Approximately 580 employee records, API keys, database credentials, source code, internal dashboards, and limited customer credentials were compromised. An attacker claiming to be 'ShinyHunters' demanded $2 million ransom. CEO Guillermo Rauch said the attack was 'significantly accelerated by AI.'

Scoring Impact

TopicDirectionRelevanceContribution
Data Security-againstprimary-1.00
User Privacy-againstsecondary-0.50
Overall incident score =-0.322

Score = avg(topic contributions) × significance (high ×1.5) × confidence (0.57)× agency (negligent ×0.5)

Evidence (1 signal)

Confirms product_decision Apr 20, 2026 documented

TechCrunch reported Vercel confirmed security incident via breach at third-party AI tool Context.ai

TechCrunch reported on April 20, 2026 that Vercel confirmed a security incident where customer data was stolen via a breach at Context.ai. ~580 employee records, API keys, source code, and limited customer credentials were compromised.

TechCrunch(opens in new tab),Cybersecurity News(opens in new tab)

Related: Same Topics

Flutterwave · Lost ₦11 billion ($7M+) in security breach as perpetrators illegally transferred funds
Computacenter · Allegedly fired manager who reported Deutsche Bank security breach
LY Corporation · Suffered major data breach affecting 520,000 users due to shared infrastructure with Korean parent
ByteDance · China-based ByteDance employees repeatedly accessed nonpublic data of US TikTok users
Coinbase · Insider data breach exposed 69,461 customers' sensitive data, costing $355+ million