Vercel, the company that created the open source Next.js web development framework, has a data leak that led to compromise of some customer credentials, and blamed an outfit called Context.ai for the mess.
A Vercel security bulletin says that on April 19, the company “identified a security incident that involved unauthorized access to certain internal Vercel systems” and led to credential compromise for “a limited subset of customers.” The company contacted those customers and “recommended an immediate rotation of credentials.”
“We continue to investigate whether and what data was exfiltrated and we will contact customers if we discover further evidence of compromise,” the bulletin states, adding that the company has “deployed extensive protection measures and monitoring. Our services remain operational.”
Vercel has named the source of the mess:
Context.ai has also published a security bulletin that reveals a March incident that saw it identify and stop a security incident involving unauthorized access to its AWS environment. Context.ai hired CrowdStrike to conduct an investigation, and closed its AWS rig.
“Today, based on information provided by Vercel and some additional internal investigation, we learned that, during the incident last month, the unauthorized actor also likely compromised OAuth tokens for some of our consumer users,” the company admitted.
The company’s consumer clients used a product called the AI Office suite that Context.ai describes as a “workspace designed to help users work with AI agents to build presentations, documents, and spreadsheets. The AI Office suite offered a feature that allowed consumer users to enable AI agents to perform actions across their external applications, facilitated via another 3rd-party service.”
Back to Context.ai’s bulletin, which says whoever attacked its systems “appears to have used a compromised OAuth token to access Vercel’s Google Workspace. Vercel is not a Context customer, but it appears at least one Vercel employee signed up for the AI Office Suite using their Vercel enterprise account and granted ‘Allow All’ permissions.”
Context.ai thinks Vercel’s internal OAuth configurations “appear to have allowed this action to grant these broad permissions in Vercel’s enterprise Google Workspace.”
All of the actors in this mess made mistakes.
Context.ai clearly didn’t have great infosec. CrowdStrike’s investigation appears to have missed a trick or two. Vercel didn’t lock down its Google Workspace.
And now the world has an example of an agentic AI product linking to third-party services and causing trouble, just the kind of risk infosec experts have warned about. ®
Click Here For The Original Source
