{"id":204119,"date":"2026-04-20T11:49:00","date_gmt":"2026-04-20T15:49:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/04\/20\/vercel-systems-targeted-after-third-party-tool-compromised\/"},"modified":"2026-04-20T12:20:11","modified_gmt":"2026-04-20T16:20:11","slug":"vercel-systems-targeted-after-third-party-tool-compromised","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/04\/20\/vercel-systems-targeted-after-third-party-tool-compromised\/","title":{"rendered":"Vercel systems targeted after third-party tool compromised"},"content":{"rendered":"

Vercel systems targeted after third-party tool compromised<\/a><\/p>\n

https:\/\/www.cybersecuritydive.com\/news\/vercel-customers-targeted-after-third-party-tool-compromised\/817949\/<\/a><\/p>\n

Publish Date: 2026-04-20 11:49:00<\/a><\/p>\n

Source Domain: www.cybersecuritydive.com<\/a><\/p>\n

Author: <\/a><\/p>\n

Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n

Vercel, a cloud development platform, said that some of its internal systems were accessed after a third-party tool called Context.ai was compromised while being used by one of Vercel\u2019s employees, according to a blog post released Sunday.
\nVercel is widely known as the creator of Next.js, which is the open-source framework for React.\u00a0
\nThe attacker was able to take over the employee\u2019s Vercel Google Workspace account and access certain company \u201cenvironments and environment variables\u201d that were not designated as \u201csensitive.\u201d
\nVercel said that a limited number of customers had their credentials compromised during the attack, and that they have been notified. They were urged to immediately rotate credentials.\u00a0
\nThe company said it believes the attacker is highly sophisticated, based on an assessment of their \u201coperational velocity and detailed understanding of Vercel\u2019s systems.\u201d
\nVercel is working with Mandiant, the incident response unit of Google, as well as other outside companies and law enforcement.\u00a0
\nContext on Sunday said there was an attack in March where a hacker gained access to the company\u2019s Amazon Web Services environment, according to a blog post.\u00a0<\/p>\n

The hacker appears to have compromised OAuth tokens for some of Context\u2019s consumer users. At least one employee at Vercel signed up for AI Office Suite, a Context product that allows consumers to work with AI agents to build presentations and other documents.\u00a0
\nContext said that Vercel is not one of its enterprise customers, but at least one of its employees used their Vercel corporate email to sign up for the AI Office Suite product. The employee granted \u201callow all\u201d permissions, which opened wide access to Vercel\u2019s Google Workspace environment.\u00a0
\nContext has been working with those who were impacted and is coordinating with CrowdStrike to validate its containment efforts.\u00a0
\nContext, which said the consumer product was separate from its enterprise product, shut down the AWS environment.\u00a0
\nJeff Pollard, vice president and principal analyst at Forrester, said the attack is a reminder about concerns about third-party risk management and permissions related to AI.
\n\u201cThis definitely highlights that as AI-related tools spread through an environment, OAuth will remain one of the key elements of the attack surface,\u201d Pollard told Cybersecurity Dive. \u201cThat isn\u2019t about the inherent security flaws of AI applications, it\u2019s more about AI tools requiring permissions to be as valuable as possible.\u201d<\/p>\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

Vercel systems targeted after third-party tool compromised https:\/\/www.cybersecuritydive.com\/news\/vercel-customers-targeted-after-third-party-tool-compromised\/817949\/ Publish Date: 2026-04-20 11:49:00 Source Domain: www.cybersecuritydive.com…<\/p>\n","protected":false},"author":1,"featured_media":204120,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/imgproxy.divecdn.com\/WpIABwRSu59JlP4pIKu0tCRzF3nyN8z-MRARC3uCrAA\/g:ce\/rs:fit:770:435\/Z3M6Ly9kaXZlc2l0ZS1zdG9yYWdlL2RpdmVpbWFnZS9HZXR0eUltYWdlcy0yMjE2MTkwODA5LmpwZw==.webp","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,24,35],"class_list":["post-204119","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-cybersecurity","tag-hacker"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/204119"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=204119"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/204119\/revisions"}],"predecessor-version":[{"id":204121,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/204119\/revisions\/204121"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/204120"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=204119"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=204119"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=204119"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}