aifeed.dev the frontpage of AI

Vercel Breach Traced to Compromised AI Tool OAuth

Vercel confirmed a breach after attackers began listing stolen API keys, source code, and database records on a cybercrime forum. The intrusion path is notable: hackers compromised Context AI, an external tool integrated into Vercel's workflow, then used it to access a staffer's Google Workspace via OAuth tokens. Hundreds of users across multiple organizations were potentially affected. The attack vector is a textbook example of what happens when agentic AI tools are granted broad OAuth scopes inside developer infrastructure. Supply chain attacks through AI integrations are becoming a distinct category of risk, separate from traditional dependency or CI/CD compromises, and most companies have not yet built review processes around them.
