
Vercel hacked

$2M in Bitcoin for Vercel's source code, database, and GitHub tokens.
That's the price tag on the dark web listing, posted yesterday.
Vercel is a $9.3B company that powers millions of production websites and maintains Next.js (6M downloads every week).
How did the attackers get in?
One Vercel employee was using a small third-party AI tool called Context AI.
That tool held a Google Workspace OAuth grant for the employee's account. When the tool was compromised, the attackers inherited that grant and took over the employee's Google Workspace account.
From there they pivoted into Vercel's internal environments, enumerated environment variables that had been marked "non-sensitive", escalated their access, and walked out with 580 employee records as proof.
Vercel's CEO Guillermo Rauch described the attackers as "highly sophisticated, and I strongly suspect significantly accelerated by AI."
This is the new attack surface.
Every AI tool your team has connected to Gmail, Drive, Slack, or your CRM holds a standing credential into your business. If that tool is breached, the attacker gets the credential, and the grant keeps working until someone revokes it.
Most founders have no idea how many OAuth apps their team has approved in the last 12 months.
What to do today:
1. Google Workspace admins → Security → API Controls → App Access Control → audit every third-party app with broad scopes (full Gmail, full Drive, admin directory). Judge an app by the scopes it was granted, not by how harmless its name looks.
2. Individual users → Security → Third-party apps → revoke anything you don't actively use.
3. Block this specific OAuth client ID (the one used in the Vercel attack): 110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj(.)apps(.)googleusercontent(.)com
4. Rotate any API keys, tokens, or database credentials that weren't stored in a protected secrets manager. Treat anything an attacker could have read through a compromised grant (mail, Drive, env files) as exposed, not just the secrets you know they touched.
5. Audit every AI tool your team signed up for this year. If nobody's actively using it, revoke its access.
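As an added example (not part of the original post, and not Vercel's own tooling): the triage below runs over OAuth grant records shaped like the Google Workspace Admin SDK Directory API `tokens.list` response, flags the client ID from step 3 for immediate revocation, flags any grant with broad mailbox/Drive/directory scopes for review, and emits the per-user list you would feed to `tokens.delete`. The sample grants, user addresses, app names other than the one in the post, and the `BROAD_SCOPES` policy list are constructed assumptions; adjust the scope list to your own policy.

```python
"""Triage Google Workspace OAuth grants (steps 1-3 of the checklist).

The records in SAMPLE_GRANTS are constructed; they mimic the shape of the
Admin SDK Directory API tokens.list items (clientId, displayText, scopes),
with the owning user added as userKey. With real credentials you would
build them from service.tokens().list(userKey=user).execute()["items"]
for each user in the directory.
"""
from dataclasses import dataclass

# Client ID called out in the post above. The post writes it defanged with
# "(.)"; normalise it so it matches what the API returns.
BLOCKED_CLIENT_IDS = {
    "110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj(.)apps(.)googleusercontent(.)com"
    .replace("(.)", "."),
}

# Scopes that hand an app a whole mailbox, whole Drive, the directory, or a
# cloud project. Hypothetical policy list: tune to your own risk appetite.
BROAD_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.modify",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/drive",
    "https://www.googleapis.com/auth/drive.readonly",
    "https://www.googleapis.com/auth/admin.directory.user",
    "https://www.googleapis.com/auth/cloud-platform",
}

# Constructed sample input (users, apps and client IDs other than the
# blocklisted one are made up for the example).
SAMPLE_GRANTS = [
    {"userKey": "alice@example.com",
     "clientId": "110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com",
     "displayText": "Context AI",
     "scopes": ["https://mail.google.com/", "https://www.googleapis.com/auth/drive"]},
    {"userKey": "bob@example.com",
     "clientId": "222-summarizer.apps.googleusercontent.com",
     "displayText": "Meeting Summarizer",
     "scopes": ["https://www.googleapis.com/auth/gmail.readonly", "openid"]},
    {"userKey": "bob@example.com",
     "clientId": "333-calendar.apps.googleusercontent.com",
     "displayText": "Calendar Widget",
     "scopes": ["https://www.googleapis.com/auth/calendar.readonly", "openid"]},
    {"userKey": "carol@example.com",
     "clientId": "444-sheets.apps.googleusercontent.com",
     "displayText": "Sheets Add-on",
     "scopes": ["https://www.googleapis.com/auth/drive.file"]},
]


@dataclass
class Finding:
    user: str
    client_id: str
    app: str
    severity: str  # "revoke" (blocklisted) or "review" (broad scopes)
    reason: str


def triage_grant(grant):
    """Return a Finding for one grant, or None if its scopes are narrow."""
    cid = grant["clientId"]
    if cid in BLOCKED_CLIENT_IDS:
        return Finding(grant["userKey"], cid, grant["displayText"],
                       "revoke", "client ID on blocklist")
    broad = sorted(s for s in grant.get("scopes", []) if s in BROAD_SCOPES)
    if broad:
        return Finding(grant["userKey"], cid, grant["displayText"],
                       "review", "broad scopes: " + ", ".join(broad))
    return None


def triage(grants):
    """Triage every grant; blocklisted ones first, then by user."""
    findings = [f for f in (triage_grant(g) for g in grants) if f]
    findings.sort(key=lambda f: (f.severity != "revoke", f.user))
    return findings


def revocation_plan(findings):
    """Map user -> client IDs to delete. Each entry corresponds to one
    service.tokens().delete(userKey=user, clientId=cid).execute() call."""
    plan = {}
    for f in findings:
        if f.severity == "revoke":
            plan.setdefault(f.user, []).append(f.client_id)
    return plan


if __name__ == "__main__":
    results = triage(SAMPLE_GRANTS)
    for f in results:
        print(f"{f.severity:6} {f.user:20} {f.app:20} {f.reason}")
    print("revocations:", revocation_plan(results))
```

Narrow scopes such as `drive.file` (only files the app created or the user picked) and `calendar.readonly` pass through untouched, which is the point of step 1: the decision is driven by what the grant can reach, not by which vendor issued it.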
---
Every AI tool is a new door into your company.
Some of them don't have locks.