
Vercel CEO Guillermo Rauch says the attackers who breached his company's internal systems were "significantly accelerated by AI."
Rauch walked through the whole mess himself with a post on X. A Vercel engineer had been using an AI platform called Context.ai. Attackers compromised that platform's Google Workspace OAuth app -- one that hundreds of other organizations had also authorized. Once they had the employee's account, they pivoted into Vercel's environments.
The company stores all customer environment variables encrypted at rest. But it also lets users mark some as "non-sensitive." That's where the attackers got traction. They enumerated those variables and moved with surprising velocity, showing an in-depth understanding of how Vercel works.
Interestingly, Rauch's AI claim lands at a time when exploit-finding models such as Claude Mythos are also drawing attention, which makes it sound less far-fetched on the surface, even though there is still no public evidence tying any specific model to the Vercel breach.
"For now, we believe the number of customers with security impact to be quite limited," Rauch wrote. The team has already reached out to the ones they're worried about. Next.js, Turbopack, and the open-source projects stayed untouched.
You can read the official Vercel security bulletin for a deeper breakdown of how the technical side of the intrusion actually worked.
A threat actor impersonating the ShinyHunters group listed the data for sale on BreachForums for $2 million.
Chat logs obtained by International Cyber Digest show Vercel telling the impostors they won't pay. The real ShinyHunters have already denied any involvement.
Google deleted the compromised OAuth app. Security researcher Jaime Blasco tied it directly to Context.ai after spotting a now-removed Chrome extension linked to the same client ID.
Vercel, for its part, didn't wait around. By the time Rauch hit send on his thread, the company had already shipped two new dashboard features: an overview page for all environment variables and a cleaner UI for marking them sensitive. Rauch called it part of turning the attack into "the most formidable security response imaginable."
Still, some comments suggest that there might be more to this timeline. One user reported receiving an alert from OpenAI about a compromised key way back on April 10. Since that key was only used inside Vercel, it strongly suggests the breach happened over a week ago.
There's still no official comment on this, so the exact date of the breach remains unclear.
For now, Google Workspace admins can check for themselves whether the compromised app was ever authorized in their domain. The check is simple: head to the Admin Console, go to Security > API Controls > Manage app access, and filter for the client ID 110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com. If it shows up, revoke it.
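The Admin Console filter above answers the question for one tenant by hand. For a larger domain, or to work out which individual accounts granted the app (and therefore whose tokens and downstream secrets need rotating), the same check can be run over the Workspace token-audit log. The script below is an added example, not code from the article, Vercel or Google. It assumes activity records in the shape the Google Workspace Reports API returns for the `token` application (an actor email, a timestamp, and an `events[]` list whose entries are named `authorize` or `revoke` and carry `client_id`, `app_name` and `scope` parameters); the records embedded in it are constructed sample data, and the function names are the author's own. It replays authorize and revoke events in time order so that a user who already revoked the grant is not flagged again.

```python
"""Flag Google Workspace accounts that still hold a grant to a given OAuth client ID.

Added example, not code from the article, Vercel or Google. It assumes token-audit
activity records in the shape the Workspace Reports API returns for
applicationName=token: each record has an actor email, a timestamp, and an
events[] list whose entries have a name ("authorize" or "revoke") and a
parameters[] list carrying client_id, app_name and scope. The records below are
constructed sample data, not a real export.
"""
import json
from typing import Any, Dict, List, Optional

# Client ID the article tells admins to look for in the Admin Console.
CONTEXT_AI_CLIENT_ID = (
    "110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com"
)

# Constructed sample export (not real audit data). Alice still holds the grant,
# Bob authorised the app and later revoked it, Carol authorised an unrelated app.
SAMPLE_TOKEN_AUDIT = json.dumps({"items": [
    {"id": {"time": "2025-01-05T09:12:00.000Z"},
     "actor": {"email": "alice@example.com"},
     "events": [{"name": "authorize", "parameters": [
         {"name": "client_id", "value": CONTEXT_AI_CLIENT_ID},
         {"name": "app_name", "value": "Context.ai"},
         {"name": "scope", "multiValue": [
             "openid", "https://www.googleapis.com/auth/userinfo.email"]}]}]},
    {"id": {"time": "2025-01-06T10:00:00.000Z"},
     "actor": {"email": "bob@example.com"},
     "events": [{"name": "authorize", "parameters": [
         {"name": "client_id", "value": CONTEXT_AI_CLIENT_ID},
         {"name": "app_name", "value": "Context.ai"},
         {"name": "scope", "multiValue": ["openid"]}]}]},
    {"id": {"time": "2025-01-07T11:30:00.000Z"},
     "actor": {"email": "bob@example.com"},
     "events": [{"name": "revoke", "parameters": [
         {"name": "client_id", "value": CONTEXT_AI_CLIENT_ID},
         {"name": "app_name", "value": "Context.ai"}]}]},
    {"id": {"time": "2025-01-07T12:00:00.000Z"},
     "actor": {"email": "carol@example.com"},
     "events": [{"name": "authorize", "parameters": [
         {"name": "client_id",
          "value": "000000000000-placeholder.apps.googleusercontent.com"},
         {"name": "app_name", "value": "Unrelated app (constructed)"},
         {"name": "scope", "multiValue": ["openid"]}]}]},
]})


def _param(event: Dict[str, Any], name: str) -> Optional[Any]:
    """Return a parameter's value (or multiValue list) from a token-audit event."""
    for p in event.get("parameters", []):
        if p.get("name") == name:
            return p.get("multiValue", p.get("value"))
    return None


def load_records(text: str) -> List[Dict[str, Any]]:
    """Parse a Reports-API style JSON document and return its activity records."""
    return json.loads(text).get("items", [])


def current_grants(records: List[Dict[str, Any]],
                   client_id: str) -> Dict[str, Dict[str, Any]]:
    """Replay authorize/revoke events in time order and return the users whose
    latest event for client_id is an authorization, with app name, scopes, time."""
    grants: Dict[str, Dict[str, Any]] = {}
    # ISO-8601 UTC timestamps in one format sort correctly as strings.
    for rec in sorted(records, key=lambda r: r["id"]["time"]):
        actor = rec.get("actor", {}).get("email", "<unknown>")
        for ev in rec.get("events", []):
            if _param(ev, "client_id") != client_id:
                continue
            if ev.get("name") == "authorize":
                scopes = _param(ev, "scope") or []
                grants[actor] = {
                    "app_name": _param(ev, "app_name"),
                    "scopes": list(scopes) if isinstance(scopes, list) else [scopes],
                    "time": rec["id"]["time"],
                }
            elif ev.get("name") == "revoke":
                # A later revoke cancels the earlier grant for this user.
                grants.pop(actor, None)
    return grants


def remediation_list(text: str, client_id: str = CONTEXT_AI_CLIENT_ID) -> List[str]:
    """Sorted accounts that still need the grant revoked and their secrets rotated."""
    return sorted(current_grants(load_records(text), client_id))


if __name__ == "__main__":
    found = current_grants(load_records(SAMPLE_TOKEN_AUDIT), CONTEXT_AI_CLIENT_ID)
    for user, info in found.items():
        print(f"{user}: {info['app_name']} authorised at {info['time']}, "
              f"scopes={info['scopes']}")
```

Feed it the output of a real Reports API `activities.list` call for `applicationName=token` instead of the constructed sample and the result is the list of accounts to revoke and rotate; the scopes column tells you what each grant could reach, which is what decides whether a user's mail, Drive or directory data also needs review.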
Vercel is still investigating with outside firms and law enforcement. Rauch said they've looped in Context.ai and Google's Mandiant team to help other companies. For everyone else using Vercel, the advice is straightforward: rotate secrets, treat every env var as potentially exposed, and start using the new sensitive-variables tools.