Vercel, the cloud platform that powers millions of websites including a massive chunk of the AI startup ecosystem, just confirmed it got hacked. The entry point? A third-party AI tool that had Google Workspace OAuth access to a Vercel employee's account.

Let that sink in. An AI productivity tool that was supposed to make someone's workday easier instead gave attackers a backdoor into one of the most important pieces of internet infrastructure in existence.

How It Happened

Vercel CEO Guillermo Rauch laid out the timeline on X. A small AI platform called Context.ai suffered a broader compromise of its Google Workspace OAuth application. Because a Vercel employee had granted that app access to their Google account, the attackers were able to pivot from Context.ai into Vercel's internal systems.

Once inside, the attackers escalated access and started enumerating environment variables. Here is where it gets ugly. Vercel stores all customer environment variables encrypted at rest. But it also has a feature where variables can be marked as "non-sensitive," meaning they are not encrypted. The attacker found and accessed those unencrypted variables.

Environment variables are where developers store their secrets: API keys, database credentials, authentication tokens, signing keys. If you have ever deployed anything on Vercel and did not explicitly mark your secrets as "sensitive," those values should now be treated as potentially exposed.

The ShinyHunters Connection

A threat actor claiming to be part of the notorious ShinyHunters group posted on a hacking forum that they had breached Vercel and were selling access to company data. BleepingComputer reports that actual members of ShinyHunters have denied involvement, so the attribution is murky. But the data is apparently real enough that Vercel has confirmed the breach, engaged incident response experts, and notified law enforcement.

Vercel says a "limited subset" of customers was directly impacted. But the company is advising all customers to rotate their environment variables, review activity logs for suspicious behaviour, and check recent deployments for anything unexpected.

The Bigger Story: AI Tools as Attack Vectors

This is the story underneath the story. Every startup, every developer, every enterprise that has plugged an AI tool into their workflow via OAuth has just been handed a case study in why that might be a terrible idea.

Context.ai is a small company. Small companies have small security teams. But the OAuth permissions they requested gave them access to Google Workspace accounts at companies like Vercel. When Context.ai got compromised, every organization that had granted it access became a target. Vercel says the compromised OAuth app potentially affected "hundreds of users across many organizations."

This is supply chain security 101, except the supply chain is now made of AI tools that employees install without security review because they look harmless and promise productivity gains. Every company that waved through an AI tool's OAuth request in the last two years should be auditing those permissions right now.

What You Should Do

Vercel has published the compromised OAuth app identifier: 110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com. Google Workspace administrators should check immediately whether this app has been authorized in their organization.

For Vercel customers: review and rotate environment variables, especially any that were not marked as sensitive. Check activity logs and recent deployments. Enable the sensitive environment variables feature going forward.

Vercel has confirmed that Next.js, Turbopack, and its other open-source projects remain uncompromised. So the framework itself is fine. But if you built something on top of it and stored your secrets in Vercel without marking them sensitive, the time to rotate those credentials is right now. Not tomorrow. Now.