Vercel, a cloud platform for developing and deploying apps, has disclosed a breach of its internal systems. The incident came to light on Sunday and the company says it has brought in an incident response provider to investigate the intrusion. A "limited subset" of customers is affected.
Details of the intrusion are scant at this point. Vercel recommends that customers check activity logs for suspicious activity and rotate environmental variables as a precaution. The company also suggests using its sensitive environmental variables feature, which stores sensitive information like API keys in an unreadable format.
The breach was related to the compromise of a third-party app, according to Vercel. "Our investigation has revealed that the incident originated from a third-party AI tool whose Google Workspace OAuth app was the subject of a broader compromise," the company said. The affected customers have been contacted directly by Vercel.
Vercel provides a wide range of services for developers and enterprises, including offerings focused on agentic AI workloads. The company has not specified which systems were compromised or how many customers are affected.
