Gate News message, April 23 — Vercel disclosed on April 19 that its security incident, initially described as affecting a “limited subset of customers,” has expanded to a much broader developer community, particularly those building AI agent workflows. The attack may affect hundreds of users across several organizations, not limited to Vercel alone but potentially impacting the broader tech industry.
The breach originated when a Context.ai employee was infected with Lumma Stealer malware after downloading a Roblox Auto-farm script and game exploit tools. The malware compromised the employee’s Google Workspace login credentials and access keys to platforms including Supabase, Datadog, and Authkit. The attacker then used a stolen OAuth token to access Vercel’s Google Workspace account, which had been created using a Vercel enterprise account with “allow all” permissions. Once inside, the attacker decrypted non-sensitive environment variables, though sensitive data remained protected due to Vercel’s storage safeguards.
AI developers face elevated risk because they commonly store critical credentials—such as OpenAI or Anthropic API keys, vector database connection strings, webhook secrets, and third-party tool tokens—in environment variables without manually marking them as sensitive. These credentials are not automatically flagged by the system, leaving them vulnerable to exposure.
In response, Vercel updated its platform so that all newly created environment variables are marked sensitive by default. The company’s security team shared the unique identifier of the compromised OAuth app, urging Google Workspace administrators to audit access logs. Context.ai, assisted by Nudge Security CTO Jaime Blasco, detected an additional OAuth permission grant with Google Drive access and immediately alerted affected customers with remediation steps.
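Because the new default covers newly created variables, teams may want to review variables that already exist. The following is an added example, not code from Vercel or from this article: it flags entries in an exported variable list that look like the credential types named above but are not marked sensitive. The record fields (`key`, `type`, `value`, `target`), the `type` values, and the name and value patterns are assumptions made for the illustration.

```python
import re

# Name patterns for the credential kinds the article lists (API keys, connection
# strings, webhook secrets, tool tokens). The pattern set is an assumption.
SECRET_NAME = re.compile(
    r"(API[_-]?KEY|SECRET|TOKEN|PASSWORD|PRIVATE[_-]?KEY|DATABASE_URL|"
    r"CONNECTION[_-]?STRING|_DSN$|WEBHOOK)", re.IGNORECASE)
# Value shapes: a URI with embedded user:password, or a long opaque token.
CRED_URI = re.compile(r"^[a-z][a-z0-9+.-]*://[^/\s:@]+:[^/\s@]+@", re.IGNORECASE)
LONG_TOKEN = re.compile(r"^[A-Za-z0-9_\-]{32,}$")

def audit(env_vars):
    """Return findings for variables that look like secrets but are not sensitive."""
    findings = []
    for var in env_vars:
        if var.get("type") == "sensitive":
            continue  # already protected; the value is not readable anyway
        reasons = []
        if SECRET_NAME.search(var["key"]):
            reasons.append("name")
        value = var.get("value") or ""
        if CRED_URI.match(value):
            reasons.append("credential-uri")
        elif LONG_TOKEN.match(value):
            reasons.append("token-shaped-value")
        if reasons:
            findings.append({"key": var["key"],
                             "targets": var.get("target", []),
                             "reasons": reasons})
    return findings

# Constructed sample export (hypothetical shape, fake values).
SAMPLE = [
    {"key": "OPENAI_API_KEY", "type": "plain",
     "value": "sk-constructed-example", "target": ["production"]},
    {"key": "VECTOR_DB_URL", "type": "encrypted",
     "value": "postgres://app:example-pass@db.example.internal:5432/vec",
     "target": ["production", "preview"]},
    {"key": "STRIPE_WEBHOOK_SECRET", "type": "sensitive",
     "value": None, "target": ["production"]},
    {"key": "NEXT_PUBLIC_SITE_NAME", "type": "plain",
     "value": "Demo", "target": ["production"]},
    {"key": "AGENT_TOOL_AUTH", "type": "plain",
     "value": "constructed" + "0" * 29, "target": ["preview"]},
]

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"{f['key']}: not sensitive ({', '.join(f['reasons'])}) in {f['targets']}")
```

Flagged variables are candidates for rotation and for re-creation as sensitive; the value checks catch credentials whose names give no hint, such as the connection string in `VECTOR_DB_URL`.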