Vercel Breach Started With AI Tool

Vercel Breach Started With AI Tool

Cybersecurity Today

B1April 22, 202610 min
Play

Vercel Supply-Chain Breach via AI Tool, Meta Sued Over Scam Ads, and Ransomware Surges with "The Gentleman" David Shipley covers new details on the Vercel breach, which began when an employee used the third-party AI tool Context AI; after Context AI was breached, attackers leveraged Google OAuth access to pivot into Vercel systems and enumerate unencrypted "non-sensitive" environment variables that contained usable secrets, with a hacker claiming Vercel data and source code and demanding $2M, while Vercel says Next.js and other open-source projects are safe and shares Google OAuth indicators of compromise. The episode also discusses...

Episodes · Cybersecurity Today

Vercel Breach Started With AI Tool – Cybersecurity Today | FlexiLingo | FlexiLingo