A recent security incident has brought attention to growing risks in the AI ecosystem, as cloud platform Vercel confirmed a breach involving unauthorised access to its internal systems.
The company stated that a limited number of customers were impacted, and services remained unaffected. The breach was linked to attackers exploiting a third-party AI tool, Context AI, to gain entry into certain internal systems.
“We are actively investigating, and we have engaged incident response experts to help investigate and remediate. We have notified law enforcement and will update this page as the investigation progresses,” the company said in its official disclosure dated April 19.
Vercel, known for maintaining Next.js, operates a serverless platform that supports front-end development, edge computing, and CI/CD workflows.
The incident points to a broader trend of attackers targeting AI tools for supply chain attacks. Recently, open-source AI projects such as Axios, LiteLLM, and Trivy have also been compromised, impacting dependent organisations.
The breach comes as AI capabilities continue to evolve. Earlier this month, Anthropic revealed it developed an AI model called Claude Mythos but did not release it due to potential cybersecurity risks.
According to CEO Guillermo Rauch, the attack began after a Vercel employee’s Google Workspace account was compromised through the Context AI breach. The attackers then accessed Vercel systems and retrieved environment variables that were not marked as sensitive and therefore not encrypted.
“We believe the attacking group to be highly sophisticated and, I strongly suspect, significantly accelerated by AI. They moved with surprising velocity and in-depth understanding of Vercel,” Rauch said. “All of our focus right now is on investigation, communication to customers, enhancement of security measures, and sanitisation of our environments. We’ve deployed extensive protection measures and monitoring. We’ve analyzed our supply chain, ensuring Next.js, Turbopack, and our many open source projects remain safe for our community,” he added.
In response, Vercel has updated its dashboard to improve visibility and management of environment variables. Customers have been advised to review their settings and enable encryption for sensitive data.
Meanwhile, hacker group ShinyHunters has claimed responsibility and reportedly attempted to sell stolen data, including access keys, source code, and database information. The group allegedly shared a file containing 580 employee records and claimed ransom discussions worth $2 million. However, the company has not confirmed their involvement.
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream LinkedIn | The Mainstream Facebook | The Mainstream Youtube | The Mainstream Twitter
About us:
The Mainstream is a premier platform delivering the latest updates and informed perspectives across the technology business and cyber landscape. Built on research-driven, thought leadership and original intellectual property, The Mainstream also curates summits & conferences that convene decision makers to explore how technology reshapes industries and leadership. With a growing presence in India and globally across the Middle East, Africa, ASEAN, the USA, the UK and Australia, The Mainstream carries a vision to bring the latest happenings and insights to 8.2 billion people and to place technology at the centre of conversation for leaders navigating the future.
