
Vercel Hacked Because One Employee Installed an AI App — Supply Chain Attack Lessons Every SaaS-Using Company Must Learn in 2026

On April 20, 2026 Vercel confirmed a security incident — customer API keys, source code, and database credentials stolen. Root cause: one employee installed Context AI, which got breached first, then hackers hijacked the OAuth-linked Google account and walked into Vercel's internal systems. Here's the full attack anatomy, 7 lessons for every SaaS-using company, and the PDPA angle for Thai businesses.

21 Apr 2026 · 12 min
Cybersecurity, Supply Chain Attack, Vercel, OAuth, SaaS Security, PDPA, Data Breach, Incident Response

TL;DR

On April 20, 2026 Vercel — the cloud hosting giant that owns the Next.js framework and hosts production sites around the world — confirmed it had been breached.

The root cause wasn't a zero-day exploit or an elite state-sponsored actor.

It was one employee who downloaded an AI app called Context AI for personal use, then connected it to their corporate Google account via OAuth.

Context AI itself had been breached back in March. Hackers used the stored OAuth tokens to take over the employee's Google account, then walked into Vercel's internal systems and found unencrypted credentials that let them escalate further.

The fallout:

  • Customer API keys leaked
  • Source code from multiple customers stolen
  • Database credentials accessed
  • Deployment credentials claimed compromised (Vercel called them "non-sensitive")
  • Potentially affected "hundreds of users across many organizations"

Next.js and Turbopack, both open source, were not affected per Vercel's statement.

But for every company that uses SaaS (so, every company) this is the case study to learn from before it happens to you.

Because this isn't really about Vercel. It's about the systemic risk every organization now swims in — AI + OAuth + SaaS, all moving faster than governance can keep up.

Read on. I'll walk through the attack chain step by step, then pull out 7 lessons you can act on tomorrow morning.


It Started With One Employee Installing an AI App

This story doesn't start at Vercel.

It starts at Context AI — a consumer-facing productivity app used by people around the world.

In March 2026 Context AI got breached. The news didn't spread widely because Context AI was a consumer product without strong public-facing enterprise commitments.

But here's the catch — one Vercel employee had previously installed Context AI.

And at install time, they chose "Sign in with Google" — connecting the app to their Vercel corporate Google account via OAuth.

Why use the corporate account? Same reason we all do:

  • Convenient
  • No extra password to manage
  • Felt low-stakes — just a small AI tool

The moment they clicked "Allow" was the moment Vercel had already lost. Nobody knew it yet.

An OAuth grant doesn't just read your profile. Depending on the scope requested, it can include:

  • Read email
  • Access Google Drive
  • Read calendar
  • Or with broad scopes — a refresh token that can mint new access tokens indefinitely

So when Context AI got breached, all the OAuth tokens stored in its systems became hacker property.

Including the one from Vercel.


The Timeline You Need to Know

Here's the sequence:

March 2026 — Context AI gets breached (the upstream compromise that started everything)

March–April — Hackers work through the OAuth tokens they now hold, pivoting into companies whose employees had used Context AI. Vercel was one of them.

April 20, 2026 — Vercel publicly discloses the incident via TechCrunch and its own changelog, confirming customer data was stolen.

Time from Context AI breach to Vercel disclosure: at least one month.

That's what the industry calls attack dwell time — the window between initial compromise and detection. The global average for dwell time sits in the tens to hundreds of days.

What that means:

  • By the time you realize you've been breached, the attackers have already been inside for weeks
  • Slow incident response compounds damage exponentially
  • Forensics get harder because logs may have already rotated out

A one-month window is actually fast by industry standards. That doesn't mean nothing bad happened during that month.


Why This Matters More Than Your Average Breach Story

Think about what Vercel is:

  • A cloud platform hosting millions of production websites
  • Owner of Next.js, used by Fortune 500 companies
  • An infrastructure layer your own website might depend on without you even realizing it

When Vercel gets breached, the impact cascades — Vercel's customers get hit, and in some cases their customers too.

This pattern has a name in the security world: supply chain attack. Compromise one point, ripple across hundreds or thousands of organizations simultaneously.

If you remember any breach from the last decade, it's probably SolarWinds in 2020 — attackers planted malware in SolarWinds' software update, affecting customers including multiple US government agencies.

Vercel 2026 isn't a carbon copy of SolarWinds — but the pattern rhymes:

  • Single point of compromise
  • Impact spreads across organizational boundaries
  • Company-level defenses aren't enough; you need ecosystem-level thinking

I'm calling this the "SolarWinds moment of the AI + OAuth era" — because it happened during a rush to adopt AI tooling before governance caught up.


Attack Anatomy: Every Step That Went Wrong

Six stages, each a missed defense:

  1. Pre-attack — Employee installs AI app with no review. Gap: no application install control.
  2. OAuth grant — Broad permissions given to corporate Google account. Gap: overly broad scopes, no admin review.
  3. Upstream breach — Context AI itself gets compromised. Gap: no vendor risk assessment on apps employees actually use.
  4. Token theft — Hackers reuse stolen OAuth/refresh tokens indefinitely. Gap: token lifetimes too long, no proactive revocation.
  5. Lateral movement — Google account unlocks Vercel internals via SSO. Gap: weak segmentation, no step-up auth for sensitive actions.
  6. Credential sprawl — Internal credentials stored unencrypted, enabling further escalation. Gap: a company this size should never have plaintext secrets lying around.

Close any one of these six gaps and the attack chain breaks. The story never reaches the customer.


7 Lessons for Every Company Using SaaS

1. OAuth Audits Every Quarter

Ask yourself right now: do you actually know how many OAuth apps your employees have granted access to?

Most leaders can't answer.

Google Workspace has "Third-party apps with account access" in the admin console — a full list of what every app can see. Microsoft 365 has Enterprise Applications in Entra ID — complete permission details.

Action: audit quarterly. Revoke anything unused or unfamiliar.

2. Least Privilege for OAuth Scopes

Don't grant email.read when profile is enough.

Don't grant drive.full when one folder would do.

Iron rule: the OAuth scope you carelessly grant = the permissions the hackers will get if that vendor gets breached.

Action: require admin review of OAuth scopes before approving apps for company-wide use.

3. Employee Application Control Policy

Block or require approval for any app that connects to a corporate account.

This isn't about distrusting employees. It's about the fact that supply chain risk isn't something an individual employee can reasonably assess alone.

Action: maintain an allowlist of security-reviewed apps, plus an approval process for new ones.
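The audit described in lessons 1 to 3 can be scripted once the grant inventory is exported. The sketch below is an added example, not code from Vercel, Google or the article's authors: the grant records are constructed (field names follow the Admin SDK Directory API `tokens` resource), and the allowlist and the revoke/review/keep policy are assumptions.

```python
# Added example: audit third-party OAuth grants against an allowlist and a scope-risk map.
# GRANTS is constructed sample data; APPROVED_CLIENTS is a hypothetical allowlist.
from collections import defaultdict

# Google scopes that expose mailbox, Drive or calendar content.
HIGH_RISK = {
    "https://mail.google.com/": "full Gmail access",
    "https://www.googleapis.com/auth/gmail.readonly": "read all mail",
    "https://www.googleapis.com/auth/drive": "full Drive access",
    "https://www.googleapis.com/auth/calendar": "full calendar access",
}
# Sign-in-only scopes: identity, nothing else.
LOW_RISK = {"openid", "email", "profile",
            "https://www.googleapis.com/auth/userinfo.email",
            "https://www.googleapis.com/auth/userinfo.profile"}
APPROVED_CLIENTS = {"1111.apps.googleusercontent.com"}

GRANTS = [
    {"userKey": "dev@example.com", "clientId": "1111.apps.googleusercontent.com",
     "displayText": "Reviewed Calendar Tool",
     "scopes": ["openid", "https://www.googleapis.com/auth/calendar"]},
    {"userKey": "dev@example.com", "clientId": "2222.apps.googleusercontent.com",
     "displayText": "Unreviewed AI Notes",
     "scopes": ["email", "https://mail.google.com/", "https://www.googleapis.com/auth/drive"]},
    {"userKey": "ops@example.com", "clientId": "3333.apps.googleusercontent.com",
     "displayText": "Sign-in Only App", "scopes": ["openid", "profile"]},
]

def audit(grants, approved=APPROVED_CLIENTS):
    """Return {action: [(user, app, reasons)]} where action is revoke, review or keep."""
    report = defaultdict(list)
    for g in grants:
        risky = [HIGH_RISK[s] for s in g["scopes"] if s in HIGH_RISK]
        unknown = [s for s in g["scopes"] if s not in HIGH_RISK and s not in LOW_RISK]
        is_approved = g["clientId"] in approved
        if risky and not is_approved:
            action = "revoke"   # unreviewed app holding content scopes
        elif risky or unknown or not is_approved:
            action = "review"   # approved but broad, unclassified scope, or unreviewed app
        else:
            action = "keep"     # reviewed app with sign-in scopes only
        report[action].append((g["userKey"], g["displayText"], risky + unknown))
    return dict(report)

if __name__ == "__main__":
    for action, rows in audit(GRANTS).items():
        for user, app, reasons in rows:
            print(f"{action:7} {user:18} {app:24} {', '.join(reasons) or '-'}")
```

Scopes the map does not classify are routed to review rather than silently kept, so a new or unfamiliar scope never passes by default.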

4. Credential Hygiene

Internal credentials must be encrypted at rest, always.

Use a proper secret manager: HashiCorp Vault, AWS Secrets Manager, 1Password for Teams, Azure Key Vault.

Rules of thumb:

  • No hardcoded secrets in source code
  • No plaintext secrets in config files
  • Automated rotation at least quarterly
  • Access logging every time a secret is fetched

If Vercel had this locked down tight, attackers who reached internal systems still couldn't have escalated.

5. MFA That Actually Holds Up

SMS MFA isn't enough. SIM swap attacks have proven this over and over.

Use:

  • Hardware security keys (YubiKey)
  • Passkeys (FIDO2 standard)
  • Phishing-resistant authenticator apps

But understand this: MFA doesn't stop OAuth token abuse. Once a token is issued and stolen, it works without an MFA prompt.

Action: short token lifetimes (think 1 hour), and re-auth requirements for sensitive scopes.

6. Anomaly Detection

Login from an unexpected country, at an odd time, or from a new device should trigger an alert.

SIEM options: Microsoft Sentinel, Datadog Cloud SIEM, Splunk, Elastic Security, Wazuh (open source).

Google Workspace and Microsoft 365 have alerting built in — turn it on and tune it.

Action: alert on

  • Impossible travel login events
  • Activity outside normal working hours when the account has no such pattern
  • New OAuth grants on corporate accounts
  • Admin privilege escalations
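Two of these rules, impossible travel and new OAuth grants, run over a small event stream in the added example below (not code from the article or from any SIEM vendor). The event schema, the 900 km/h speed ceiling, the 50 km noise floor and the allowlist are assumptions, and the grant rule is narrowed to clients outside the allowlist.

```python
# Added example: impossible-travel and new-OAuth-grant detection over constructed events.
# The event schema is a simplified assumption, not a real Workspace or SIEM log format.
from datetime import datetime
from math import radians, sin, cos, asin, sqrt

MAX_KMH = 900                        # assumed ceiling, roughly airliner cruise speed
MIN_KM = 50                          # assumed floor to ignore geo-IP jitter
APPROVED_CLIENTS = {"reviewed-app"}  # hypothetical allowlist of reviewed OAuth clients

EVENTS = [  # constructed sample data
    {"ts": "2026-04-01T08:00:00", "user": "dev@example.com", "type": "login", "lat": 13.75, "lon": 100.50},
    {"ts": "2026-04-01T09:00:00", "user": "dev@example.com", "type": "login", "lat": 52.52, "lon": 13.40},
    {"ts": "2026-04-01T09:05:00", "user": "ops@example.com", "type": "oauth_grant", "client": "reviewed-app"},
    {"ts": "2026-04-01T09:10:00", "user": "ops@example.com", "type": "oauth_grant", "client": "unknown-ai-tool"},
    {"ts": "2026-04-02T08:00:00", "user": "dev@example.com", "type": "login", "lat": 13.75, "lon": 100.50},
]

def km(a, b):
    """Great-circle distance in km between two login events (haversine)."""
    la1, lo1, la2, lo2 = map(radians, (a["lat"], a["lon"], b["lat"], b["lon"]))
    h = sin((la2 - la1) / 2) ** 2 + cos(la1) * cos(la2) * sin((lo2 - lo1) / 2) ** 2
    return 2 * 6371 * asin(sqrt(h))

def detect(events):
    """Return alerts as (rule, user, detail) tuples in event-time order."""
    alerts, last_login = [], {}
    for e in sorted(events, key=lambda ev: ev["ts"]):
        if e["type"] == "oauth_grant":
            if e["client"] not in APPROVED_CLIENTS:
                alerts.append(("new_oauth_grant", e["user"], e["client"]))
        elif e["type"] == "login":
            prev = last_login.get(e["user"])
            if prev:
                delta = datetime.fromisoformat(e["ts"]) - datetime.fromisoformat(prev["ts"])
                hours = delta.total_seconds() / 3600
                dist = km(prev, e)
                # Same-second logins far apart are also impossible, so guard the division.
                if dist > MIN_KM and (hours == 0 or dist / hours > MAX_KMH):
                    alerts.append(("impossible_travel", e["user"], round(dist)))
            last_login[e["user"]] = e
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

The second Bangkok login a day later does not alert, because the implied speed from Berlin is well under the ceiling.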

7. An Incident Response Plan You Actually Rehearse

A plan on paper isn't a plan.

Run tabletop exercises — simulate scenarios and practice the response — at least 2–4 times a year.

Cover:

  • Who's the incident commander?
  • When does legal get looped in?
  • Customer communications plan (prepared before the incident, not during)
  • Forensics preservation — logs must not rotate out before investigation
  • Regulatory notification — PDPA 72 hours, GDPR 72 hours

Action: schedule at least one rehearsal next year. Capture lessons. Update the plan.


For Thai Businesses — The PDPA Connection

PDPA isn't a future concern anymore. In 2026 enforcement is real (we've covered five cases in an earlier article).

If a Thai business hits a Vercel-style incident — customer data leaked through a supply chain breach — PDPA penalties apply squarely.

The DPO's Job in Supply Chain Context

  1. Vendor risk assessment — evaluate every third party processing data on your behalf (not just direct vendors — apps employees use count too)

  2. Data Processing Agreements (DPA) — sign DPAs with every vendor, specifying:

    • Required security standards
    • Breach notification window
    • Liability scope
    • Audit rights
  3. 72-hour breach notification — PDPA requires notifying the PDPC within 72 hours of discovery

  4. Record of Processing Activities (RoPA) — logs of who accessed what, so post-incident investigation is possible

Fines Are Just the Start

PDPA allows fines up to 5 million baht per incident, plus damages to affected individuals.

But fines are only the tip of the iceberg:

  • Reputation damage — existing customers don't renew, new customers choose competitors
  • Churn — B2B clients leave because your compliance posture fails their vendor review
  • Insurance premium spikes — cyber insurance rates climb after a claim
  • Legal costs — lawyers, forensics, customer notification logistics

The US doesn't have PDPA, but it has CCPA, SOC 2, and GDPR (for EU customers). Thai companies with international customers face overlapping compliance — it's more complex, not less.


Tools — Vendor-Neutral Suggestions

I don't have a fixed brand preference, because every company's trade-offs depend on size, budget, and existing tech stack.

  • OAuth audit / IAM: Google Admin Console, Microsoft Entra ID, Okta, JumpCloud
  • Secret management: HashiCorp Vault, AWS Secrets Manager / Azure Key Vault / GCP Secret Manager, 1Password for Teams, Doppler, Infisical
  • SIEM: Microsoft Sentinel, Datadog Cloud SIEM, Splunk, Elastic Security, Wazuh (open source)
  • Hardware key / Passkey: YubiKey, Google Titan, Platform Passkeys
  • Endpoint protection: CrowdStrike, SentinelOne, Microsoft Defender for Endpoint, Sophos

Choose based on context — not on who has the loudest marketing.


How Enersys Thinks About This

Enersys is a Software House building Odoo ERP, Enterprise AI systems, and PDPA consulting for Thai businesses. When we hand a system over to a client, our responsibility doesn't end at "the code runs." Supply chain risk is a first-class concern:

  • Odoo deployments — every third-party module reviewed for origin, CVE status, and maintenance freshness.
  • AI integrations — data flow, minimum OAuth scopes, storage location, and vendor incident response reviewed before any tool ships to a client.
  • PDPA assessments — we cover supply chain risk, not just direct data handling: vendor inventory, practical DPA templates, and a breach notification playbook.

I'm not claiming we're perfect — security never is. There's only "better today than yesterday." But a team that doesn't think about this at all is a team waiting for its own Vercel moment.


Closing — Trust Is Built, Then Broken, Then Rebuilt

Three takeaways from Vercel:

1. No one is too big to fail. Vercel has skilled security engineers, significant budget, and processes better than most companies. They still got breached. If you're smaller, you need to be even more careful — because you have fewer resources to absorb the blow.

2. Supply chain attacks aren't bad luck. They're systemic risk in an era of SaaS + AI + OAuth. If you don't invest in prevention, you're queuing up for your own incident.

3. Defense = culture + tooling + discipline. Expensive tools alone won't save you. You need a culture where employees recognize risk. You need the discipline to not treat security as a secondary priority.

Vercel's incident will resolve with patches and advisories. The trust that was lost will take longer to rebuild.

For Thai businesses reading this — if this hit you tomorrow, are you ready?

If not, you can start today.



This article was written by the Enersys team — a Software House providing Odoo ERP implementation, Enterprise AI solutions, and PDPA consulting for Thai businesses. If you're worried about supply chain risk in the SaaS stack you're using today, get in touch anytime.
