An AI Tool Had OAuth to Their Whole Google Workspace. Then Vercel Got Breached.
A Vercel employee signed up for an AI tool. They clicked Allow All on the OAuth consent screen. Three weeks later, customer environment variables were sitting on a hacker's drive with a $2 million asking price. The tool was Context.ai, an enterprise AI platform that builds agents trained on company knowledge. The breach did not start at Vercel. It started two layers underneath, at Context.ai, where one of their employees downloaded a Lumma Stealer infected Roblox cheat script. The attacker pulle
Comment
Sign in to join the discussion.
Loading comments…