Tuesday, April 21, 2026

The AI Tool Your Developer Trusted Just Exposed Your Business Secrets

Vercel - the hosting platform used by hundreds of thousands of small businesses, indie developers, and startups - confirmed a security breach over the weekend. The entry point wasn't Vercel itself. It was a third-party AI tool called Context.ai. Here's what was exposed, what you need to do right now, and why this is bigger than one company.

On Saturday night, Vercel - the cloud hosting platform used by hundreds of thousands of small businesses, indie developers, and startups to deploy websites and web apps - confirmed it had been breached.

The attackers did not crack Vercel's infrastructure directly. They got in through a third-party AI tool.

The tool is called Context.ai, and a Vercel employee had it connected to their Google Workspace account. When Context.ai was compromised, the attacker used that foothold to take over the employee's Google account, then pivoted into Vercel's internal environments, where they were able to read environment variables that were not flagged as "sensitive."

In plain English: they may have accessed the secret codes - API keys, database passwords, third-party service credentials - that live inside Vercel project settings.

Vercel CEO Guillermo Rauch confirmed the sequence of events in a post on X. The company described the attacker as "highly sophisticated based on their operational velocity and detailed understanding of Vercel's systems." They are working with Mandiant, additional cybersecurity firms, and law enforcement.

A threat actor claiming to be part of the group ShinyHunters has posted on hacking forums claiming to sell the stolen data. Individuals linked to the actual ShinyHunters group have denied involvement to BleepingComputer, suggesting this may be a copycat actor. Either way, the breach itself is confirmed.

Vercel says its services remain fully operational. Its open source projects - Next.js and Turbopack - are unaffected.

What "Environment Variables" Actually Means

If you have a website built on Vercel, or your developer deployed your app there, environment variables are the behind-the-scenes configuration your app uses to connect to other services.

Examples of what lives in environment variables:

  • Your Stripe API key (controls payments)
  • Your database connection string (controls data access)
  • Your email service API key (Sendgrid, Postmark, Mailgun)
  • Your OpenAI API key (controls AI feature costs)
  • Your CMS authentication tokens (Contentful, Sanity, etc.)

Vercel says that environment variables you had explicitly marked as "sensitive" in their dashboard were stored encrypted and were not accessible to the attacker. Variables that were NOT marked sensitive - which is the default for most projects - may have been read.

If any of those contain real credentials, and the attacker has them, they can potentially:

  • Charge fraudulent payments or drain your Stripe account
  • Access and export your customer database
  • Run up large API bills in your name
  • Send emails impersonating your business

What to Do Right Now

Vercel has published an official advisory at vercel.com/kb/bulletin/vercel-april-2026-security-incident. Their recommended steps:

1. Log in to your Vercel dashboard. Go to your environment variables page and look at every single one. If it contains anything that looks like a password, API key, or token - treat it as compromised.

2. Rotate those credentials. This means generating new API keys in each of the affected services (Stripe, your database provider, email service, etc.) and updating them in Vercel. The old keys should be revoked.

3. Enable "sensitive" designation going forward. Vercel has a feature specifically for this. Use it for anything that is a secret. They updated their dashboard this weekend to make this easier.

4. Check your activity logs. Vercel has an activity log in the dashboard and via their CLI. Look for anything unusual - unexpected deployments, access from unfamiliar IP addresses, configuration changes you did not make.

5. If you were not directly contacted by Vercel, that means they do not currently believe your credentials were specifically targeted. But rotating keys is still the right move given the breach.
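Step 1 above is a manual review, but a developer can do the same triage on the `.env` file that `vercel env pull` writes to disk. The script below is an added example, not part of Vercel's advisory or this article: it flags variables whose value matches a well-known key format (the Stripe, SendGrid and OpenAI formats named in the article), whose value is a connection string with an embedded password, or whose name suggests a credential, and produces the list to rotate. The sample file, its values and the helper names are all constructed for the example.

```python
import re
from urllib.parse import urlparse

# Constructed sample of a pulled .env file; every value below is made up.
SAMPLE_ENV = """\
NEXT_PUBLIC_SITE_NAME="Acme Bakery"
NEXT_PUBLIC_API_BASE="https://api.example.com"
STRIPE_SECRET_KEY="sk_live_EXAMPLE0000000000000000"
DATABASE_URL="postgres://app:s3cretpw@db.example.com:5432/acme"
SENDGRID_API_KEY="SG.EXAMPLEabcdef.EXAMPLE0123456789"
OPENAI_API_KEY="sk-EXAMPLE000000000000000000000000"
CONTENTFUL_TOKEN="EXAMPLEtoken1234567890abcdef"
FEATURE_FLAG_NEW_CHECKOUT="true"
"""

# Name fragments that mark a variable as a credential regardless of its value.
SECRET_NAME_HINTS = ("SECRET", "PASSWORD", "PASSWD", "TOKEN", "API_KEY", "APIKEY", "PRIVATE_KEY")

# Value formats of providers the article lists (public key prefixes, not page data).
VALUE_PATTERNS = {
    "stripe": re.compile(r"^[sr]k_(live|test)_[A-Za-z0-9]+$"),
    "sendgrid": re.compile(r"^SG\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$"),
    "openai": re.compile(r"^sk-[A-Za-z0-9_-]{20,}$"),
}

def parse_env(text):
    """Parse KEY=VALUE lines (optionally quoted), skipping blanks and comments."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        out[key.strip()] = value.strip().strip('"').strip("'")
    return out

def classify(name, value):
    """Return why this variable should be treated as a secret, or None if it need not be."""
    for provider, pat in VALUE_PATTERNS.items():
        if pat.match(value):
            return f"{provider} key"
    url = urlparse(value)
    if url.scheme and url.password:
        return f"{url.scheme} connection string with embedded password"
    if name.startswith("NEXT_PUBLIC_"):
        return None  # shipped to the browser by design, so never a secret
    if any(hint in name.upper() for hint in SECRET_NAME_HINTS):
        return "name suggests a credential"
    return None

def rotation_list(env_text):
    """Map every variable that looks like a secret to the reason it was flagged."""
    return {k: r for k, v in parse_env(env_text).items() if (r := classify(k, v))}
```

Anything this lists should be rotated at the provider and re-added in Vercel with the "sensitive" designation; the name-based rule is a heuristic, so review the unflagged remainder by hand as well.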

The Bigger Story Here

The entry point was not Vercel's code. It was Context.ai - an AI productivity tool a developer had connected to their work account.

This pattern is worth taking seriously if you run a business. The explosion of AI tools in the past two years has led to a second explosion of AI tool integrations - apps connected to your Google Workspace, your email, your calendar, your internal systems. Every one of those integrations is a potential surface for exactly this kind of attack.

You do not need to panic or stop using AI tools. But you should know what is connected to what.

A few questions worth asking this week:

What third-party apps have access to my Google Workspace? You can audit this at myaccount.google.com/security under "Third-party apps with account access."

What AI tools have my developers connected to their work accounts? Many AI coding assistants, documentation tools, and productivity apps request access to internal systems. If those tools get breached, your internal systems go with them.

Are your contractors and freelancers using personal accounts for work? Personal accounts connected to business systems are harder to audit and revoke.

None of this requires a corporate IT department. It requires about 20 minutes and the willingness to look.

Vercel is not alone in being a target. They are one of thousands of companies running critical business infrastructure for small businesses. The lesson from this weekend is not that Vercel failed. It is that the chain of trust in software now runs through AI tools - and that chain needs to be checked.


Source: Vercel Security Bulletin, April 2026; BleepingComputer investigation; CEO statement via X @rauchg

Sam Torres covers AI news for The Useful Daily. She spent 12 years as a local business journalist. She breaks it down so you can get back to running your business.
