Vercel Expands Breach Scope: More Accounts Compromised in Context.ai-Linked Incident

Vercel disclosed that its investigation into the Context.ai-linked breach identified an expanded set of compromised customer accounts beyond those initially reported. The company expanded its investigation using additional compromise indicators and a review of requests to the Vercel network and environment variables. This continues a multi-company breach chain that began with Context.ai and has now affected Vercel’s internal systems and customer accounts across multiple discovery waves.

Vercel customers should treat all environment variables and deployment secrets stored in Vercel as potentially exposed, regardless of whether they received a direct notification. Rotate CI/CD tokens, API keys, and any secrets injected at build time. Organizations using Vercel for production workloads should also audit downstream access granted to Vercel deployments in their cloud environments.