Vercel Security Breach Expands to Hundreds of Users; AI Developers at Higher Risk

Gate News message, April 23 — Vercel disclosed on April 19 that its security incident, initially described as affecting a “limited subset of customers,” has expanded to a much broader developer community, particularly those building AI agent workflows. The attack may affect hundreds of users across several organizations, not limited to Vercel alone but potentially impacting the broader tech industry.

The breach originated when a Context.ai employee was infected with Lumma Stealer malware after downloading a Roblox Auto-farm script and game exploit tools. The malware compromised the employee’s Google Workspace login credentials and access keys to platforms including Supabase, Datadog, and Authkit. The attacker then used a stolen OAuth token to access Vercel’s Google Workspace account, which had been created using a Vercel enterprise account with “allow all” permissions. Once inside, the attacker decrypted non-sensitive environment variables, though sensitive data remained protected due to Vercel’s storage safeguards.

AI developers face elevated risk because they commonly store critical credentials—such as OpenAI or Anthropic API keys, vector database connection strings, webhook secrets, and third-party tool tokens—in environment variables without manually marking them as sensitive. These credentials are not automatically flagged by the system, leaving them vulnerable to exposure.
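The exposure described above can be checked for with a short audit. This is an added example, not Vercel's tooling or code from the original report. The inventory format (`key`, `value`, `sensitive`), the name hints and the `whsec_` webhook prefix are assumptions, and every sample value is constructed.

```python
import re

# Name fragments that usually indicate a credential (assumed heuristic list).
NAME_HINTS = re.compile(
    r"(API_?KEY|SECRET|TOKEN|PASSWORD|PASSWD|PRIVATE_KEY|_DSN|DATABASE_URL)", re.I)

# Value shapes, most specific first: provider key prefixes, then URLs
# that carry a password in the userinfo part (user:pass@host).
VALUE_RULES = [
    ("anthropic-style key", re.compile(r"^sk-ant-[A-Za-z0-9_\-]{8,}")),
    ("openai-style key", re.compile(r"^sk-[A-Za-z0-9_\-]{8,}")),
    ("webhook signing secret", re.compile(r"^whsec_[A-Za-z0-9]{8,}")),
    ("URL with embedded password",
     re.compile(r"^[a-z][a-z0-9+.\-]*://[^/\s:@]+:[^/\s@]+@")),
]

def classify(name, value):
    """Return why a variable looks like a credential, or None."""
    for label, rx in VALUE_RULES:
        if rx.search(value):
            return label
    # Fall back to the name when the value is empty or has no known shape.
    if NAME_HINTS.search(name):
        return "credential-like name"
    return None

def audit(env_vars):
    """List (key, reason) for credential-like variables not marked sensitive."""
    findings = []
    for var in env_vars:
        reason = classify(var["key"], var.get("value", ""))
        if reason and not var.get("sensitive", False):
            findings.append((var["key"], reason))
    return findings

# Constructed inventory for illustration; not real keys or a real export format.
SAMPLE = [
    {"key": "OPENAI_API_KEY", "value": "sk-EXAMPLEexample0000", "sensitive": False},
    {"key": "ANTHROPIC_API_KEY", "value": "sk-ant-EXAMPLEexample0000", "sensitive": True},
    {"key": "VECTOR_DB_URL", "value": "postgres://app:hunter2@db.example.invalid:5432/vec", "sensitive": False},
    {"key": "STRIPE_WEBHOOK", "value": "whsec_EXAMPLE0000", "sensitive": False},
    {"key": "NEXT_PUBLIC_SITE_NAME", "value": "demo", "sensitive": False},
    {"key": "SLACK_BOT_TOKEN", "value": "", "sensitive": False},
]

if __name__ == "__main__":
    for key, reason in audit(SAMPLE):
        print(f"{key}: {reason} (not marked sensitive)")
```

Anything the audit reports should be rotated if it was stored unprotected, then re-created as a sensitive variable.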

In response, Vercel updated its platform so that all newly created environment variables are marked sensitive by default. The company’s security team shared the unique identifier of the compromised OAuth app, urging Google Workspace administrators to audit access logs. Context.ai, assisted by Nudge Security CTO Jaime Blasco, detected an additional OAuth permission grant with Google Drive access and immediately alerted affected customers with remediation steps.
