A Vercel employee connected an AI tool with admin-level OAuth permissions. Then Context.ai got hacked. Now 2 million dollars in stolen data sits on the market.
Hi, my name is Tom Smykowski, I'm a staff full-stack engineer. I build and scale SaaS platforms to millions of users, working end-to-end from system architecture to frontend to mobile. On this blog I write about security incidents and lessons developers can learn from them.
There has been a streak of security incidents lately. Maybe it is the layoffs. Maybe it is the rush to adopt AI everywhere. Maybe it is just bad luck. Or maybe we are finally seeing the consequences of years of shortcuts.
Vercel hosts millions of projects. It is not a niche platform. Developers use it to deploy websites and apps. It is fast, convenient, and trusted.
And now someone is selling data stolen from Vercel for 2 million dollars.
How Did This Happen?
The chain of events started with an AI tool called Context.ai. A Vercel employee used it and granted OAuth access to Vercel's Google Workspace with "allow all" permissions.
Context.ai's system got compromised through their AWS infrastructure. The attacker stole an OAuth token with full Google Workspace permissions.
The token allowed access to Vercel environments and environment variables not marked as sensitive. Environment variables typically store API keys, database credentials, and authentication tokens for services like Stripe, AWS, OpenAI, and PostgreSQL.
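One defensive check this incident suggests: before a broad OAuth grant can expose them, audit a project's environment variables for values that look like credentials (Stripe, AWS, OpenAI, PostgreSQL) but are not flagged sensitive. This is an added example, not code from the post or from Vercel; the `EnvVar` record shape and the `SAMPLE_ENV` values are constructed assumptions, not Vercel's API schema.

```python
import re
from dataclasses import dataclass


# Hypothetical record: mirrors the idea of a project env var that carries a
# "sensitive" flag. Not Vercel's real API schema.
@dataclass
class EnvVar:
    key: str
    value: str
    sensitive: bool


# Key names that usually hold credentials.
SECRET_KEY_PATTERN = re.compile(
    r"(SECRET|TOKEN|PASSWORD|PASSWD|API_KEY|PRIVATE_KEY|DATABASE_URL)", re.I
)

# Publicly documented value shapes for the services named in the post.
SECRET_VALUE_PATTERNS = [
    re.compile(r"^sk_(live|test)_"),                 # Stripe secret key
    re.compile(r"^AKIA[0-9A-Z]{16}$"),               # AWS access key id
    re.compile(r"^sk-[A-Za-z0-9_-]{20,}"),           # OpenAI-style key
    re.compile(r"^postgres(ql)?://[^:/]+:[^@]+@"),   # PostgreSQL URL with password
]


def looks_like_secret(var: EnvVar) -> bool:
    """True if the key name or the value shape suggests a credential."""
    if SECRET_KEY_PATTERN.search(var.key):
        return True
    return any(p.search(var.value) for p in SECRET_VALUE_PATTERNS)


def find_unprotected_secrets(env_vars: list[EnvVar]) -> list[str]:
    """Keys that look like credentials but are not marked sensitive."""
    return [v.key for v in env_vars if looks_like_secret(v) and not v.sensitive]


# Constructed sample data; every value is a placeholder, not a real key.
SAMPLE_ENV = [
    EnvVar("NEXT_PUBLIC_SITE_NAME", "Example", False),
    EnvVar("STRIPE_KEY", "sk_live_EXAMPLE0000000000", False),
    EnvVar("AWS_ACCESS_KEY_ID", "AKIAEXAMPLEEXAMPLE00", True),
    EnvVar("OPENAI_API_KEY", "sk-exampleexampleexampleexample", False),
    EnvVar("DB", "postgresql://app:hunter2@db.internal:5432/app", False),
]

if __name__ == "__main__":
    for key in find_unprotected_secrets(SAMPLE_ENV):
        print(f"credential-looking variable not marked sensitive: {key}")
```

Run it against an export of your project's variables; anything it reports is a value that a token with broad read access could have pulled in plaintext.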
The full article includes a complete 10-point security playbook covering permission design, encryption strategies, rotation procedures, and monitoring practices you can implement today.
