Technical description
Attackers compromised the Context.ai AI tool through malware disguised as Roblox cheats, then used OAuth tokens to breach Vercel employee Google Workspace accounts and access customer environment variables.
Attack vector
Multi-stage attack: Lumma stealer malware → Context.ai compromise → OAuth token theft → Google Workspace takeover → Vercel internal systems access.
Affected systems
Vercel hosting platform customers with non-sensitive environment variables; Context.ai AI Office Suite users with OAuth permissions.
Mitigation
Vercel advises rotating all credentials and secrets. Organizations should audit the OAuth permissions granted to third-party AI tools and apply the principle of least privilege to AI service integrations.
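
One way to run the OAuth permission audit described above, as an added example that is not code from Vercel, Context.ai or the original page. It assumes grant records shaped like Google Admin SDK Directory API token resources (userKey, clientId, displayText, scopes); the client IDs, users, app names, allow-list and the set of scopes treated as broad are all constructed for illustration.

```python
# Scopes treated as broad here (an assumption for this example; tune per organization).
BROAD_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/drive",
    "https://www.googleapis.com/auth/admin.directory.user",
}
CAL_RO = "https://www.googleapis.com/auth/calendar.readonly"
DRIVE = "https://www.googleapis.com/auth/drive"

# Constructed OAuth client IDs (placeholders, not real applications).
APP_A = "111-constructed.apps.googleusercontent.com"
APP_B = "222-constructed.apps.googleusercontent.com"
APP_C = "333-constructed.apps.googleusercontent.com"

# Constructed allow-list: client ID -> scopes the security team approved.
APPROVED = {APP_A: {"openid", CAL_RO}}

# Constructed sample export of per-user token grants.
SAMPLE_GRANTS = [
    {"userKey": "alice@example.com", "clientId": APP_A,
     "displayText": "Example Calendar Helper", "scopes": ["openid", CAL_RO]},
    {"userKey": "bob@example.com", "clientId": APP_A,
     "displayText": "Example Calendar Helper", "scopes": ["openid", DRIVE]},
    {"userKey": "carol@example.com", "clientId": APP_B,
     "displayText": "Example AI Assistant", "scopes": ["https://mail.google.com/", DRIVE]},
    {"userKey": "dave@example.com", "clientId": APP_C,
     "displayText": "Example Sign-In Widget", "scopes": ["openid"]},
]


def audit_grants(grants, approved=APPROVED, broad=BROAD_SCOPES):
    """Return one finding per (user, app) grant that exceeds least privilege."""
    findings = []
    for g in grants:
        scopes = set(g.get("scopes", []))
        allowed = approved.get(g["clientId"])
        if allowed is None:
            reason, excess = "unapproved_app", scopes        # app never reviewed
        elif scopes - allowed:
            reason, excess = "scope_creep", scopes - allowed  # more than approved
        else:
            continue  # grant stays within the approved scope set
        findings.append({"user": g["userKey"], "app": g["displayText"],
                         "reason": reason, "excess_scopes": sorted(excess),
                         "high_risk": bool(excess & broad)})
    # Broad-scope findings first, so revocation starts with the riskiest grants.
    return sorted(findings, key=lambda f: (not f["high_risk"], f["user"]))


if __name__ == "__main__":
    for finding in audit_grants(SAMPLE_GRANTS):
        print(finding)
```

Each finding names the user, the app and the scopes beyond what was approved, which is the list to revoke or send back for review.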