Vercel development platform compromised via third-party AI tool vulnerability
The cloud deployment service confirmed a breach affecting a limited customer subset, traced to a compromised third-party AI tool's Google Workspace OAuth integration.
- Vercel, a major web app deployment platform, disclosed a security incident on April 19, 2026 affecting a 'limited subset' of customers.
- Hackers claiming affiliation with ShinyHunters (responsible for the Rockstar Games breach) posted employee data including names and email addresses online and attempted to sell additional data.
- Vercel attributed the attack to a compromised third-party AI tool whose Google Workspace OAuth app was breached, potentially affecting hundreds of users across multiple organizations.
- The company advised customers to review activity logs, rotate API keys and tokens, and check for unauthorized third-party app access in Google Workspace accounts.
Vercel, a cloud development platform widely used to host and deploy web applications, confirmed on April 19, 2026 that it experienced a security breach. The company disclosed the incident via X (formerly Twitter), stating that it impacted a 'limited subset' of its customer base, though no specific number was provided.
An individual claiming membership in ShinyHunters—the hacking group linked to the Rockstar Games breach—posted employee data from Vercel online, including names, email addresses, and activity timestamps. The same actor indicated intent to sell additional stolen data, though Vercel did not specify what further information may have been exposed.
In its security advisory, Vercel traced the compromise to a third-party AI tool whose Google Workspace OAuth app had been compromised in a broader attack. The company did not name the specific tool or vendor involved, but noted the breach potentially affected hundreds of users across multiple organizations using the same OAuth app.
Vercel's response guidance instructed administrators to audit activity logs for suspicious access, rotate environment variables including API keys and tokens, and immediately review Google Workspace settings to identify and remove unauthorized third-party app integrations. The company also published indicators of compromise to help the broader security community assess its own exposure.
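One way to run the third-party app review over exported OAuth audit events, as an added example that is not Vercel's or Google's code: it replays grant and revoke events in time order and reports users whose grant to a suspect app is still live. The record shape (`authorize`/`revoke` events carrying `client_id`, `app_name` and `scope`) is an assumption modeled on the Google Workspace token audit log, and the client ID is a placeholder because the article does not give one.

```python
# Placeholder: substitute the OAuth client ID from the published indicators of compromise.
SUSPECT = "PLACEHOLDER-CLIENT-ID.apps.googleusercontent.com"
SUSPECT_IDS = {SUSPECT}
DRIVE = "https://www.googleapis.com/auth/drive"
MAIL = "https://www.googleapis.com/auth/gmail.readonly"

def _event(time, email, name, client_id, app, scopes):
    """Build one constructed record in the assumed token-audit export shape."""
    return {"id": {"time": time}, "actor": {"email": email},
            "events": [{"name": name, "parameters": [
                {"name": "client_id", "value": client_id},
                {"name": "app_name", "value": app},
                {"name": "scope", "multiValue": scopes}]}]}

# Constructed sample data (deliberately out of order), not taken from any real log.
SAMPLE = [
    _event("2026-04-18T12:00:00Z", "bob@example.com", "revoke", SUSPECT, "AI Tool", [DRIVE]),
    _event("2026-04-02T08:30:00Z", "alice@example.com", "authorize", SUSPECT, "AI Tool", [MAIL, DRIVE]),
    _event("2026-04-10T09:00:00Z", "bob@example.com", "authorize", SUSPECT, "AI Tool", [DRIVE]),
    _event("2026-04-11T10:00:00Z", "carol@example.com", "authorize",
           "other-app.apps.googleusercontent.com", "Calendar Sync", [DRIVE]),
]

def _params(ev):
    """Flatten a parameter list into {name: value or list of values}."""
    return {p["name"]: p.get("multiValue", p.get("value")) for p in ev.get("parameters", [])}

def live_grants(activities, suspect_ids):
    """Return {(user, client_id): details} for suspect grants not revoked afterwards."""
    rows = [(a["id"]["time"], a["actor"]["email"], ev)
            for a in activities for ev in a.get("events", [])]
    grants = {}
    for ts, user, ev in sorted(rows, key=lambda r: r[0]):  # replay in time order
        p = _params(ev)
        key = (user, p.get("client_id"))
        if key[1] not in suspect_ids:
            continue
        if ev["name"] == "authorize":
            scopes = p.get("scope") or []
            scopes = [scopes] if isinstance(scopes, str) else scopes
            grants[key] = {"app": p.get("app_name"), "since": ts, "scopes": sorted(scopes)}
        elif ev["name"] == "revoke":
            grants.pop(key, None)  # a later revoke closes the grant
    return grants

if __name__ == "__main__":
    for (user, cid), g in live_grants(SAMPLE, SUSPECT_IDS).items():
        print(f"{user}: {g['app']} authorized since {g['since']}, scopes={g['scopes']}")
```

Each user it reports still needs the grant removed and any credentials reachable through the listed scopes rotated.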