How a Hacked AI Tool Led to a Bigger Breach at a Web Hosting Company

Two companies—an AI startup called Context.ai and a web hosting platform called Vercel—suffered linked security breaches that exposed some customer information. The attack started at Context.ai, then spread to Vercel. It happened because of a common security mistake: allowing too many permissions when connecting one app to another.

What Happened at Context.ai

Context.ai discovered that someone had broken into their computer systems without permission. The attackers stole login codes (called OAuth tokens) from some people using Context.ai's AI Office Suite—a consumer product available to anyone who signs up.

Here's how the attackers got in: A Vercel employee created an account on Context.ai using their Vercel company account. When setting up the connection, the employee clicked "Allow All" permissions—essentially giving Context.ai full access to their Google Workspace account. This overly broad access became the door the attackers would use.

Context.ai brought in cybersecurity experts at CrowdStrike to clean up and secure their systems. The company noted that their enterprise product—versions that run on a customer's own computers rather than Context.ai's servers—was not affected.

The Attack Spreads to Vercel

The stolen login codes from Context.ai became the key to a larger break-in at Vercel. Attackers used those codes to get into the Vercel employee's Google account, and from there, they moved deeper into Vercel's internal systems.

Vercel announced the breach on April 19, 2026. CEO Guillermo Rauch posted about it on X the next day. Some customer login information was compromised.

Once inside, the attackers explored Vercel's systems and found information labeled as "non-sensitive"—things like configuration settings and API identifiers. Vercel had protected truly sensitive data (like passwords and encryption keys) with stronger security, so those remained safe. But the non-sensitive information the attackers found gave them enough detail to keep moving deeper into the company's systems.

What the Attackers Got and Did Next

The stolen data from Vercel is now being offered for sale on underground internet forums for $2 million, according to security researchers. The attackers also created malware designed to steal login information and access codes from other services—suggesting they were running a broader attack campaign against web developers and their tools.

Vercel is working with Microsoft, AWS, and cybersecurity firm Wiz to respond to the breach. The company has advised anyone using Google Workspace to check whether Context.ai's application has access to their accounts.

Why This Attack Matters

This incident exposes a real problem in how modern apps connect to each other. When the Vercel employee clicked "Allow All," they created a trust relationship that went way too far. It opened a door from one company's systems directly into another's.

Worth flagging: The difference between "sensitive" and "non-sensitive" data mattered here. While Vercel's truly sensitive information stayed protected, the non-sensitive data the attackers found was enough to help them break in further.

What This Teaches Us

Analysis: This breach is similar to a famous 2020 attack on a software company called SolarWinds, where attackers used one company's product to reach many others. Here, the problem was different but the result was the same: one weak spot became the opening to a much bigger break-in.

The fact that Context.ai has both a free consumer product and paid enterprise products created a vulnerability. The consumer version sat on Context.ai's own servers—where the breach happened. The enterprise version lives on each customer's own computers, which is why it stayed safe.

In this author's view, the speed with which Vercel and its partners responded—working together and disclosing what happened within days—shows that the tech industry has gotten better at handling these kinds of incidents. That's progress worth noting.

What Comes Next

This breach will likely push companies to be more careful about what permissions they grant when connecting apps together. When you connect an app to your email or cloud storage, you'll probably see stronger warnings about asking for "Allow All" access.

For companies considering using new AI tools, this incident is a reminder to think carefully about where the tool runs and what access it needs. Consumer products that share infrastructure with many users carry different risks than enterprise versions that run in isolation.