Vercel hacked
AnandTech Forums: Technology, Hardware, Software, and Deals [Un…
April 22, 2026
> $2M in Bitcoin for Vercel's source code, database, and GitHub tokens.
> That's the price tag on this dark web listing. Posted yesterday.
> Vercel is a $9.3B company that powers millions of production websites and maintains Next.js (6M downloads every week).
> How did attackers get in?
> ONE Vercel employee was using a small third-party AI tool called Context AI.
> That AI tool had a Google Workspace OAuth grant. The AI tool got compromised. Attackers took over the employee's Google Workspace.
> Pivoted into Vercel's internal environments. Enumerated environment variables marked "non-sensitive." Escalated access. Walked out with 580 employee records as proof.
> Vercel's CEO Guillermo Rauch described the attackers as "highly sophisticated, and I strongly suspect significantly accelerated by AI."
> This is the new attack surface.
> Every AI tool your team has connected to Gmail, Drive, Slack, or your CRM is a potential backdoor into your entire business.
> Most founders have no idea how many OAuth...