By Boluwatife Oshadiya | May 8, 2026
Key Points
- Vercel confirms security incident originating from third-party AI platform Context.ai used by an employee
- Attackers accessed environment variables not marked as “sensitive”, which contained customer deployment secrets
- NITDA’s CERRT.NG issues advisory urging Nigerian users to rotate credentials and strengthen controls
Main Story
Cloud platform Vercel has disclosed a cybersecurity breach that began with the compromise of a third-party artificial intelligence tool, exposing non-sensitive customer environment variables and highlighting vulnerabilities in AI supply-chain integrations.
The incident, publicly detailed in April 2026, stemmed from attackers compromising Context.ai, an external AI platform. A Vercel employee had connected a corporate Google Workspace account to Context.ai’s “AI Office Suite,” granting broad OAuth permissions. Attackers, leveraging stolen OAuth credentials following a Lumma Stealer malware infection at Context.ai, impersonated the employee, accessed Vercel’s internal systems, and enumerated/decrypted environment variables not marked as “sensitive.”
Vercel stated it discovered unauthorised access to certain internal systems and responded by engaging incident response experts, law enforcement, and partners including Mandiant. The company confirmed that sensitive environment variables (those explicitly marked as sensitive and encrypted at rest) were not compromised, and its core services remained operational. No evidence was found of tampering with npm packages such as Next.js or Turbopack.
Forensic review identified a limited subset of initially affected customers, with additional accounts later uncovered. Vercel notified those impacted and recommended immediate credential rotation. Claims by actors linked to ShinyHunters of selling stolen data for around $2 million circulated on underground forums, though the full scope remains under investigation.
The Issues
The breach underscores the expanding attack surface created by “shadow AI” tools and third-party OAuth integrations that often bypass traditional enterprise security controls. Environment variables frequently store API keys, database credentials, and other deployment secrets essential to modern cloud applications. When not properly classified and protected, they become high-value targets in supply-chain attacks.
This incident adds to a pattern of sophisticated actors exploiting trusted SaaS platforms and browser-based tools rather than attacking hardened perimeters directly. For Nigerian organisations increasingly adopting cloud and AI services, it highlights risks from unmanaged employee tools and the need for stricter governance over third-party permissions.
What’s Being Said
“The attacker used that access to take over the employee’s Vercel Google Workspace account, which enabled them to gain access to that employee’s Vercel account. From there, they were able to pivot into a Vercel environment,” Vercel stated in its official security bulletin.
NITDA, through its Computer Emergency Readiness and Response Team (CERRT.NG), warned organisations using Vercel or connected services to take urgent action against risks including malicious code injection, data theft, and supply-chain compromise.
Cybersecurity analysts described the attackers as highly sophisticated, noting their rapid exploitation of the OAuth chain and understanding of Vercel’s architecture.
What’s Next
Vercel has introduced product enhancements including stronger environment variable protections, improved logging, and better visibility into security configurations. Affected customers have been contacted directly.
NITDA’s advisory remains active, with ongoing monitoring expected. Google Workspace administrators worldwide are urged to review and revoke the compromised OAuth client ID: 110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com.
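As an added illustration of that review (not code from Vercel, NITDA or Google), the Python sketch below triages a list of OAuth grants: it flags any grant to the client ID above for revocation and queues other apps holding broad scopes for review. It assumes grant records shaped like the Admin SDK Directory API tokens resource (clientId, displayText, userKey, scopes); the sample users and apps and the choice of "broad" scopes are constructed for the example.

```python
# Added example: triage OAuth grants exported from Google Workspace.
# Record fields follow the Directory API "tokens" resource; data is constructed.
COMPROMISED_CLIENT_ID = (
    "110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com"
)

# Scopes treated as "broad" for this audit (an assumption; tune to your policy).
BROAD_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/drive",
    "https://www.googleapis.com/auth/admin.directory.user",
}

def triage_grants(tokens):
    """Split grants into (revoke_now, review) lists of (user, app, reason)."""
    revoke_now, review = [], []
    for tok in tokens:
        client_id = tok.get("clientId", "").strip().lower()
        user = tok.get("userKey", "<unknown>")
        app = tok.get("displayText", "<unnamed app>")
        if client_id == COMPROMISED_CLIENT_ID:
            revoke_now.append((user, app, "client ID named in the advisory"))
            continue
        broad = sorted(BROAD_SCOPES.intersection(tok.get("scopes", [])))
        if broad:
            review.append((user, app, "broad scopes: " + ", ".join(broad)))
    return revoke_now, review

# Constructed sample grants (userKey shown as an e-mail for readability).
SAMPLE_TOKENS = [
    {"userKey": "alice@example.com", "displayText": "AI suite (constructed)",
     "clientId": COMPROMISED_CLIENT_ID,
     "scopes": ["https://www.googleapis.com/auth/drive"]},
    {"userKey": "bob@example.com", "displayText": "Calendar helper",
     "clientId": "000000000000-constructed.apps.googleusercontent.com",
     "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]},
    {"userKey": "carol@example.com", "displayText": "Mail sorter",
     "clientId": "111111111111-constructed.apps.googleusercontent.com",
     "scopes": ["https://mail.google.com/", "openid"]},
    {"userKey": "dave@example.com", "displayText": "AI suite (constructed)",
     "clientId": "  " + COMPROMISED_CLIENT_ID.upper() + " ", "scopes": []},
]

if __name__ == "__main__":
    revoke_now, review = triage_grants(SAMPLE_TOKENS)
    for user, app, reason in revoke_now:
        print(f"REVOKE  {user}  {app}  ({reason})")
    for user, app, reason in review:
        print(f"REVIEW  {user}  {app}  ({reason})")
```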
The Bottom Line
This supply-chain attack via a seemingly innocuous AI productivity tool demonstrates how quickly credentials can cascade across platforms. Nigerian businesses and developers on Vercel or similar services should treat the incident as a wake-up call to audit OAuth grants, enforce strict secret management, and limit “Allow All” permissions—practices that separate resilient organisations from the next headline.
