{"id":233401,"date":"2026-04-20T11:49:00","date_gmt":"2026-04-20T15:49:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/04\/20\/ai-cloud-company-vercel-breached-after-employee-grants-ai-tool-unrestricted-access-to-google-workspace-hacker-seeking-2-million-for-stolen-data\/"},"modified":"2026-04-20T12:35:08","modified_gmt":"2026-04-20T16:35:08","slug":"ai-cloud-company-vercel-breached-after-employee-grants-ai-tool-unrestricted-access-to-google-workspace-hacker-seeking-2-million-for-stolen-data","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/04\/20\/ai-cloud-company-vercel-breached-after-employee-grants-ai-tool-unrestricted-access-to-google-workspace-hacker-seeking-2-million-for-stolen-data\/","title":{"rendered":"AI cloud company Vercel breached after employee grants AI tool unrestricted access to Google Workspace \u2014 hacker seeking $2 million for stolen data"},"content":{"rendered":"

AI cloud company Vercel breached after employee grants AI tool unrestricted access to Google Workspace \u2014 hacker seeking $2 million for stolen data<\/a><\/p>\n

https:\/\/www.tomshardware.com\/tech-industry\/cyber-security\/vercel-breached-after-employee-grants-ai-tool-unrestricted-access-to-google-workspace<\/a><\/p>\n

Publish Date: 2026-04-20 11:49:00<\/a><\/p>\n

Source Domain: www.tomshardware.com<\/a><\/p>\n

Vercel, the cloud platform behind the widely used Next.js web framework, has acknowledged a security breach after an attacker compromised a third-party AI tool called Context.ai and used it to gain access to a Vercel employee’s enterprise Google Workspace account.<\/p>\n

The breach exposed non-sensitive environment variables, and a threat actor operating under the ShinyHunters name has claimed responsibility, reportedly seeking $2 million for the stolen data. Vercel said it has engaged Google-owned incident response firm Mandiant, notified law enforcement, and contacted a limited subset of affected customers directly.<\/p>\n

According to Vercel\u2019s bulletin, the breach didn\u2019t start with them but instead with Context.ai, an enterprise AI platform that builds agents trained on company-specific knowledge. At least one Vercel employee had signed up for Context.ai’s AI Office Suite using their corporate account and granted it “Allow All” OAuth permissions, Context.ai explained in its own security notice, which says that \u201cVercel\u2019s internal OAuth configurations appear to have allowed this action to grant these broad permissions in Vercel\u2019s enterprise Google Workspace.\u201d The attacker exploited that broad access to take over the employee’s Vercel Google Workspace account and move laterally into internal systems.<\/p>\n

Article continues below <\/span>
\n
\n You may like
\n <\/span><\/p>\n

Cybersecurity firm Hudson Rock claims to have traced Context.ai’s own compromise back further to an employee infected by Lumma Stealer malware after downloading Roblox game exploit scripts in February. The stolen credentials reportedly included Google Workspace logins along with keys for Supabase, Datadog, and Authkit, Hudson Rock reported, but Vercel hadn\u2019t independently confirmed this at the time of writing.<\/p>\n

Context.ai also acknowledged that it detected and blocked unauthorized access to its AWS environment in March, but said it later learned the attacker had also compromised OAuth…<\/p>\n

Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

AI cloud company Vercel breached after employee grants AI tool unrestricted access to Google Workspace…<\/p>\n","protected":false},"author":1,"featured_media":233402,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/cdn.mos.cms.futurecdn.net\/JFVbbhwRYVQX9SY26qM8bd-2000-80.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[20,30,96,32,57,34],"class_list":["post-233401","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-artificial-intelligence","tag-breach","tag-hackerexploit","tag-malware","tag-security","tag-threat-actor"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/233401"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=233401"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/233401\/revisions"}],"predecessor-version":[{"id":233403,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/233401\/revisions\/233403"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/233402"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=233401"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=233401"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=233401"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}