Cloud hosting provider Vercel has confirmed a security incident involving unauthorized access to internal systems and a limited subset of customer credentials. The breach was reportedly initiated through a compromised third-party AI tool used by a Vercel employee, which led to unauthorized access to the employee's Google Workspace account and subsequently Vercel's internal systems.
Vercel CEO Guillermo Rauch stated the attackers demonstrated a sophisticated and rapid approach, potentially accelerated by AI, with a detailed understanding of Vercel's infrastructure. The company has implemented extensive security measures and is advising customers on best practices for credential rotation and environment monitoring.
Vercel is known for its popularity among crypto projects and has assured the community that its core open-source projects remain secure.