bleepingcomputer.com | ksl
Vercel confirmed a breach after attackers began listing stolen API keys, source code, and database records on a cybercrime forum. The intrusion path is notable – hackers compromised Context AI, an external tool integrated into Vercel’s workflow, then used it to access a staffer’s Google Workspace via OAuth tokens. Hundreds of users across multiple organizations were potentially affected. The attack vector is a textbook example of what happens when agentic AI tools get broad OAuth scopes inside developer infrastructure. Supply chain attacks through AI integrations are becoming a distinct category of risk, separate from traditional dependency or CI/CD compromises – and most companies have not yet built review processes around them.
