
Summaries like this, in your inbox every morning.
Sign up free →A Vercel employee installed the Context.ai browser extension, which was then targeted by infostealer malware (malicious software that steals credentials). The attacker used the stolen OAuth credentials — a digital permission token that grants access to systems — to walk directly into Vercel's production environment. Vercel confirmed the breach on Sunday and brought in Mandiant (a cybersecurity firm) to investigate.
The attack succeeded because OAuth grants (permission tokens issued to third-party tools) sit invisible to most security teams — they can approve access but have no way to see what's already been granted, audit who installed it, or contain the blast radius when one tool gets compromised. Vercel now defaults all environment variables to 'sensitive' status, requiring explicit review before use, to catch future misuse faster.
For developers using Vercel-hosted npm packages (software libraries downloaded millions of times weekly), the good news: audits with GitHub, Microsoft, npm, and Socket found no compromised packages or leaked code. But for security teams and developers everywhere, this reveals a widespread gap — any employee's single decision to install an AI tool becomes a potential entry point to production systems, and most security tools cannot see or block it.
No comments yet. Be the first to share your thoughts!
Log in to join the discussion




Get curated AI news from 200+ sources delivered daily to your inbox. Free to use.
Get Started FreeFree · takes 30 seconds · unsubscribe anytime
1 minute a day. The AI essentials.
200+ sources · Email / LINE / Slack