A recent security incident involving Vercel has highlighted a growing and often overlooked cyber risk: third-party AI tools and supply chain attacks.
In this blog, we break down what happened, who was involved, what data was exposed, and what your organisation should be doing about it.
Who Are the Companies Involved?
Vercel
Vercel is a platform that helps businesses build and run websites and apps. Many modern websites rely on it behind the scenes to stay fast, secure, and available.
Context AI
Context AI builds tools that help businesses understand and improve how their AI systems perform.
These tools often connect to other systems to work properly, which is where the risk came in.
What Happened?
Step 1: The Initial Compromise (Context AI)
-An employee at Context AI downloaded a cheat tool for the game Roblox
-Hidden inside that download was malware (malicious software) designed to steal login details
-This malware quietly captured access to the employee’s accounts and systems
In other words:
A seemingly harmless download gave attackers the keys to Context AI’s systems.
Step 2: Access to Context AI Systems
-Using those stolen details, attackers gained access to Context AI’s internal systems
-They were able to see and collect information about users and connected accounts
-This included access to “trusted connections” between Context AI and other platforms
Step 3: Jumping to Vercel
-A Vercel employee had connected their work account to Context AI
-That connection gave Context AI certain permissions to access their account
The attackers took advantage of this and:
-Gained control of the employee’s account
-Used it to access parts of Vercel’s internal systems
Step 4: Accessing Internal Data
-Once inside, attackers were able to access some internal data and systems
-This included certain credentials and configuration data (essentially “behind-the-scenes” settings used to run systems)
-Some of this information has reportedly been put up for sale online, with a ransom demand of around $2 million
The Big Takeaway
What makes this incident so important is how simple the starting point was:
One unsafe download → one compromised employee → multiple companies affected.
This is a textbook example of a supply chain attack, where attackers don’t go straight for the main target, they work their way in through a smaller, connected company.
What Information Was Affected?
Reports suggest the attackers accessed some sensitive business data, including:
-Information used by apps to connect to services (API keys)
-Parts of website or application code
-Database Information
There were also reports of limited employee information being accessed, such as names and email addresses.
Vercel has said that only a small number of customers were affected, but the type of data involved means it’s still a serious incident.
Why This Matters
This breach highlights a few important lessons for all businesses:
1. Your Suppliers Can Be a Risk
Even if your own systems are secure, the tools you connect to can introduce risk.
2. “Connected Apps” Can Open Doors
Many businesses connect tools to their email or cloud systems to save time and improve productivity.
But each connection is effectively giving that tool permission to access part of your business.
3. AI Tools Are Powerful, but Need Care
AI tools are becoming more common, but they often require deeper access to your systems.
That makes them useful, but also something that needs to be carefully managed.
How to Protect Your Business
The good news is there are simple, practical steps you can take:
1. Review Connected Apps
Check which tools are connected to your systems (like Microsoft 365 or Google Workspace).
Remove anything you no longer use or don’t fully trust.
2. Limit Access
Only give tools access to what they actually need, nothing more.
3. Keep an Eye on Activity
Regularly review account activity and look out for anything unusual, such as unexpected logins or new connections.
4. Change Access Details Regularly
Update important access credentials periodically, especially after any suspected incident.
5. Take Third-Party Risk Seriously
Treat external tools and suppliers as part of your overall cybersecurity, not as an afterthought.
How Consider IT Can Help
At Consider IT, this is exactly the type of risk we help organisations manage every day.
We don’t just secure your systems, we look at the entire ecosystem around them, including:
-Third-party integrations and SaaS tools
-Microsoft 365 and Google Workspace security
-Credential and access management
–Cyber Essentials and Cyber Essentials Plus certification
-Ongoing monitoring and threat detection
Our onboarding process includes a comprehensive review of your environment, ensuring risks like this are identified and mitigated early. If you want to know more, get in touch today for some friendly advice.
Final Thoughts
The Vercel breach is a clear reminder that:
-Your security is only as strong as your weakest integration.
-As businesses adopt more AI tools and cloud services, the attack surface continues to grow.
Taking a proactive approach to access control, third-party risk, and monitoring is no longer optional, it’s essential.
