Threat actors compromised AI tool vendor Context.ai and used stolen OAuth tokens to breach software security vendor Vercel, accessing some environments and environment variables that were not marked as sensitive. The incident underscores OAuth tokens and unsanctioned “shadow AI” tools as a growing attack surface and prompted Vercel to work with Mandiant while urging credential rotation and stronger OAuth governance. #Vercel #ContextAI
Key points
- Attackers stole OAuth tokens from Context.ai and used them to access some Vercel environments.
- A Vercel employee’s over-permissive “Allow All” OAuth grant enabled the breach.
- Vercel says variables marked “sensitive” were protected but recommends impacted customers rotate credentials.
- Context.ai traced the compromise to its deprecated Office Suite and closed the AWS environment; its Bedrock platform is unaffected.
- Security experts warn OAuth tokens are a growing attack surface and urge admin-managed consent, least privilege, and AI governance.
Read More: https://www.darkreading.com/application-security/vercel-employees-ai-tool-access-data-breach