How Vercel Was Hacked Through an AI Tool | context.ai Breach Explained | OAuth, NPM Tokens & Next.js

Описание: Vercel — the company powering a huge portion of modern web apps — was reportedly accessed through a third-party AI tool. And the way it happened is something every developer, founder, and team using AI tools needs to understand.

This wasn’t a traditional hack.

No firewall breach.
No zero-day exploit.

Instead, the entry point was context.ai, an AI productivity tool that had been given OAuth access to Google Workspace accounts. Like most AI tools, it was connected to emails, documents, and internal data to help teams move faster.

But when the tool itself was compromised, those permissions became the attacker’s access.

In this video, we break down:
– How the Vercel incident reportedly happened
– What OAuth permissions actually mean (and why they’re risky)
– The role of context.ai in the breach
– What data was allegedly exposed (employee records, source code, internal databases)
– Why API tokens, GitHub tokens, and NPM tokens are extremely sensitive
– How this could impact the Next.js ecosystem and modern web apps
– The growing cybersecurity risks of AI integrations
– What developers and companies should learn from this

This isn’t just about one company.

This is about how quickly we’re connecting AI tools to everything — often without fully understanding the level of access we’re granting.

If you’re using tools that connect to your Google Workspace, GitHub, Slack, or internal systems, this is something you need to pay attention to.

Because the next “hack” might not look like a hack at all.