Vercel Breach: Context.ai OAuth Token Hijack Exposes Credentials
Vercel suffered a breach originating from a compromised third-party AI tool, Context.ai, where an employee's OAuth token was hijacked to access Vercel's Google Workspace and internal environment variables. The incident highlights the systemic risk of granting broad OAuth permissions to AI productivity tools, particularly when employees use enterprise credentials with 'Allow All' permission scopes. ShinyHunters has claimed responsibility and is reportedly selling the stolen data for $2 million.