incident
Vercel Breach: Lumma Stealer Infects Context.ai, OAuth Tokens Compromise Customer CredentialsVercel April 2026 Breach via Context.ai OAuth Chain
In April 2026, Vercel disclosed a breach where an attacker used OAuth tokens stolen from Context.ai via Lumma Stealer malware to access Vercel internal systems and customer environment variables. The attack chain started with a Context.ai employee downloading Roblox auto-farm scripts, leading to a two-month dwell time and eventual exposure of credentials for AWS, Azure, GCP, GitHub, Stripe, Twilio, and SendGrid. The incident highlights risks of OAuth trust relationships and AI-supply-chain attacks.