Vercel CEO: Security incident stemmed from a breach of Context.ai, an AI platform used by employees.
CoinFeed reported on April 20th that Vercel CEO Guillermo Rauch stated on the X platform that the team is conducting a full investigation into the company's security incident. The incident stemmed from a Vercel employee's use of Context.ai, an AI platform client that was compromised. The attackers then gained access to the Vercel environment through the employee's compromised Google Workspace account. All customer environment variables stored by Vercel are fully encrypted, but the attackers exploited environment variables marked as "non-sensitive" by enumerating them. Vercel believes the attackers' techniques are highly sophisticated and that they may have used AI to significantly increase the speed and efficiency of the attack. The number of affected customers is currently quite limited, and those customers have been contacted first.