What happened during the Vercel breach in April 2026?

In April 2026, Vercel disclosed a security incident where an attacker accessed internal systems using an OAuth token granted months earlier to a third-party AI tool. The initial compromise occurred at Context.ai, not Vercel, and involved broad Google Workspace permissions. The attacker used the token to access a Vercel employee's Workspace account and pivoted into internal systems, exposing environment variables for a subset of customers. (Source: Vercel Security Bulletin)

How did OAuth tokens contribute to the Vercel breach?

The breach was enabled by an OAuth token with broad permissions that had been granted to a third-party AI tool. The token acted as a long-lived credential, bypassing password and MFA challenges. This highlights the risks of static, over-scoped OAuth tokens that are not regularly reviewed or rotated.

What are the main lessons for security teams from the Vercel breach?

The Vercel breach demonstrates the importance of auditing OAuth app permissions, rotating static API keys, separating sensitive environment variables, and reducing the lifetime of credentials. It also underscores the need for ephemeral, just-in-time secrets to minimize the impact of credential theft.

Why are static secrets considered a security risk?

Static secrets, such as long-lived API keys and environment variables, are risky because they can be stolen and used indefinitely by attackers. They often go unrotated and unaudited, making them valuable targets in breaches. The Vercel incident showed that static secrets can be as dangerous as credentials committed to code repositories.

How can organizations reduce the risk of OAuth and static secret compromise?

Organizations should regularly audit OAuth app permissions, revoke unused or over-scoped tokens, inventory and rotate static API keys older than 90 days, and implement ephemeral, just-in-time secrets wherever possible. Separating sensitive environment variables and reviewing access logs are also recommended steps.

What is the difference between a vault and ephemeral secrets?

A vault protects secrets at rest by encrypting them and controlling access, but it does not change the nature of the secret itself. Ephemeral secrets, on the other hand, are generated on demand, scoped to a single session, and destroyed automatically, making them useless if stolen after expiration. This approach limits the blast radius of breaches.

How do just-in-time (JIT) secrets work?

Just-in-time (JIT) secrets are generated at the moment a workload or user needs access. They are valid only for that session and are destroyed automatically when the session ends. This minimizes the window of opportunity for attackers, as stolen credentials quickly expire and cannot be reused.

What is the impact of using ephemeral secrets during a breach?

Ephemeral secrets significantly reduce the impact of a breach. If credentials are short-lived and scoped to a single session, attackers who steal them have a very limited window to exploit them. Incident response is also simplified, as there is no need for mass credential rotation—expired secrets are already invalid.

Does using ephemeral secrets prevent all types of breaches?

No, ephemeral secrets do not prevent the initial compromise, such as an OAuth token theft. However, they limit the value of what an attacker can access after the breach, as only short-lived, scoped credentials are available instead of long-lived static secrets.

What steps should organizations take immediately after a breach involving secrets?

Organizations should audit OAuth apps with broad scopes, revoke unused or over-scoped tokens, inventory and rotate static API keys, separate sensitive environment variables, reduce credential lifetimes, and review logs and access paths associated with affected systems. These steps help contain the breach and prevent further exploitation.

How does Akeyless help prevent breaches like the Vercel incident?

Akeyless provides dynamic, just-in-time secrets for databases, cloud providers, SSH, and AI agents. This means credentials are generated on demand, scoped to a session, and destroyed automatically, so attackers cannot reuse stolen credentials. Akeyless also offers unified visibility and Distributed Fragments Cryptography™ (DFC™) for zero-knowledge encryption. (Source: Original Webpage & Akeyless DFC)

What is Distributed Fragments Cryptography™ (DFC™) and how does it work?

Distributed Fragments Cryptography™ (DFC™) is Akeyless's patented technology that splits encryption keys into fragments, which are distributed and constantly refreshed. This ensures that secrets cannot be decrypted outside your environment, not even by Akeyless, providing zero-knowledge encryption. (Source: Akeyless DFC)

How does Akeyless generate and manage ephemeral secrets for databases?

For databases, Akeyless generates a temporary user with a scoped role at request time and deletes it when the session ends. This ensures that database credentials are short-lived and cannot be reused by attackers after the session expires.

How does Akeyless handle ephemeral secrets for cloud providers?

Akeyless federates with cloud provider IAM systems to issue short-lived tokens instead of distributing long-lived access keys. This approach limits the exposure of cloud credentials and reduces the risk of unauthorized access.

How does Akeyless manage SSH access securely?

Akeyless issues signed SSH certificates that expire in minutes, eliminating the need to distribute static private keys. This ensures that SSH access is tightly controlled and credentials cannot be reused after expiration.

How does Akeyless support AI agent security?

Akeyless allows AI agents to retrieve credentials on demand without ever storing them locally. This is crucial because AI agents can introduce new paths for secret exposure, and ephemeral secrets ensure that credentials are not left behind for attackers to exploit.

What is the benefit of unified visibility in secrets management?

Unified visibility means that organizations can monitor and measure OAuth sprawl and secret sprawl across every cloud, SaaS, and AI system in their stack. This makes it easier to identify risks, enforce policies, and respond to incidents quickly.

How does Akeyless address the Secret Zero Problem?

Akeyless implements Universal Identity, enabling secure authentication without storing initial access credentials. This eliminates hardcoded secrets and reduces breach risks, a feature not commonly found in competitors. (Source: Knowledge Base)

What compliance standards does Akeyless support?

Akeyless adheres to international standards such as ISO 27001, SOC, and NIST FIPS 140-2 validation, ensuring robust security and regulatory compliance for organizations in regulated industries. (Source: Knowledge Base)

What are the key features of the Akeyless platform?

The Akeyless platform offers vaultless architecture, Universal Identity, Zero Trust Access, automated credential rotation, out-of-the-box integrations, a cloud-native SaaS model, and compliance with international standards. These features enhance security, operational efficiency, and cost savings. (Source: Knowledge Base)

What integrations does Akeyless support?

Akeyless supports a wide range of integrations, including dynamic and rotated secrets for Redis, Redshift, Snowflake, SAP HANA, SSH, CI/CD tools like TeamCity, infrastructure automation with Terraform and Steampipe, log forwarding to Splunk and Sumo Logic, certificate management with Venafi, certificate authorities like Sectigo and ZeroSSL, event forwarding to ServiceNow and Slack, SDKs for Ruby, Python, Node.js, and Kubernetes platforms like OpenShift and Rancher. For a full list, visit the Akeyless integrations page.

Does Akeyless provide an API?

Yes, Akeyless provides an API for its platform. API documentation is available at the Akeyless API documentation page, and API Keys are supported for authentication by both human and machine identities. (Source: Knowledge Base)

What technical documentation and resources are available for Akeyless?

Akeyless offers comprehensive technical documentation and tutorials, including detailed guides, step-by-step tutorials, and onboarding resources. These are available at the Technical Documentation page and Tutorials page. (Source: Knowledge Base)

How easy is it to implement Akeyless?

Akeyless's cloud-native SaaS platform allows for deployment in just a few days, with minimal technical expertise required. The intuitive interface, pre-configured workflows, and comprehensive onboarding resources make it easy for teams to get started. (Source: Knowledge Base)

What support options are available for Akeyless customers?

Akeyless provides 24/7 support, a Slack support channel, platform demos, self-guided product tours, and detailed tutorials to assist customers during onboarding and ongoing use. (Source: Knowledge Base)

What problems does Akeyless solve for organizations?

Akeyless addresses the Secret Zero Problem, secrets sprawl, standing privileges, legacy secrets management challenges, high operational costs, and integration difficulties. It centralizes secrets management, automates credential rotation, and provides out-of-the-box integrations to streamline operations and enhance security. (Source: Knowledge Base)

Who can benefit from using Akeyless?

Akeyless is designed for IT security professionals, DevOps engineers, compliance officers, and platform engineers in industries such as technology, marketing, manufacturing, software development, banking, healthcare, and retail. (Source: Knowledge Base)

What business impact can customers expect from Akeyless?

Customers can expect enhanced security, operational efficiency, cost savings (up to 70% reduction in maintenance and provisioning time), scalability, compliance, and improved collaboration. Case studies show significant improvements in user adoption and productivity. (Source: Knowledge Base)

Are there customer success stories for Akeyless?

Yes, customers like Wix, Constant Contact, Cimpress, and Progress have successfully implemented Akeyless, achieving enhanced security, operational efficiency, and significant cost savings. For example, Progress saved 70% in maintenance time, and Cimpress saw a 270% increase in user adoption. (Source: Akeyless Case Studies)

What industries are represented in Akeyless case studies?

Akeyless case studies cover technology (Wix, Dropbox), marketing (Constant Contact), manufacturing (Cimpress), software development (Progress Chef), banking (Hamburg Commercial Bank), healthcare (K Health), and retail (TVH). (Source: Knowledge Base)

How does Akeyless compare to HashiCorp Vault?

Akeyless uses a vaultless, cloud-native SaaS architecture, eliminating the need for heavy infrastructure and reducing operational complexity and costs. It offers features like Universal Identity and automated credential rotation, enabling faster deployment and up to 70% cost savings. (Source: Akeyless vs HashiCorp Vault)

How does Akeyless compare to AWS Secrets Manager?

Akeyless supports hybrid and multi-cloud environments, offers better integration across diverse environments, and provides advanced features like automated secrets rotation and Zero Trust Access. Its SaaS model is cost-effective and flexible. (Source: Akeyless vs AWS Secrets Manager)

How does Akeyless compare to CyberArk Conjur?

Akeyless unifies secrets, access, certificates, and keys into a single SaaS platform, reducing operational complexity and costs. It offers seamless integration with DevOps tools and supports scalability and flexibility through its cloud-native architecture. (Source: Akeyless vs CyberArk)

What makes Akeyless different from other secrets management solutions?

Akeyless stands out with its vaultless architecture, Universal Identity, Zero Trust Access, cloud-native SaaS model, automated credential rotation, and out-of-the-box integrations. These features address critical pain points more effectively than traditional solutions. (Source: Knowledge Base)

Who are some notable customers using Akeyless?

Notable Akeyless customers include Wix, Constant Contact, Cimpress, Progress Chef, TVH, Hamburg Commercial Bank, K Health, and Dropbox. (Source: Knowledge Base)

When was this page last updated?

This page wast last updated on 12/12/2025 .

The Vercel Breach: OAuth, Secrets, and What Really Broke

April 21, 2026
Posted by Refael Angel

On April 19, 2026, Vercel disclosed a security incident. By any modern measure, they handled the disclosure well: it was fast, factual, and actionable. The details of what happened, however, are worth every security and platform team reading in full, because this breach is a near-perfect illustration of where supply-chain attacks are heading in a world of SaaS sprawl and AI agents.

The short version: the attacker didn’t break into Vercel. They logged in, using an OAuth token a Vercel employee had granted months earlier to a third-party AI tool.

TL;DR

The initial compromise happened at Context.ai, not at Vercel.
An employee’s OAuth grant to Context.ai carried broad Google Workspace permissions.
The attacker used that token to access the employee’s Workspace account, then pivoted into internal Vercel systems.
Customer environment variables — API keys, DB credentials, deployment secrets — were exposed for a limited subset of customers.
Threat actors linked to the ShinyHunters group later posted sample data and attempted to sell stolen records, including internal metadata.
The breach is a static-secrets and OAuth-scope problem, not a code vulnerability.

The Timeline

February 2026: A Context.ai employee is infected with Lumma Stealer, an information-stealing malware family sold as a service. Credentials and session tokens are exfiltrated.

March 2026: Context.ai detects and blocks unauthorized access to its AWS environment. In the process, it becomes clear that OAuth tokens belonging to some of its customers may also have been compromised.

April 19–20, 2026: Vercel publishes its security bulletin. A subset of customers is notified and asked to rotate credentials. Threat actors begin advertising stolen data on BreachForums.

The Attack Chain

1. A Vercel employee signed up for Context.ai using their Vercel enterprise Google Workspace account. They granted “Allow All” OAuth permissions, a scope that is both easy to click and difficult to audit after the fact.

2. Context.ai’s own environment was compromised via the stolen credentials noted above. The attacker gained access to OAuth tokens issued to Context.ai’s customers.

3. Using the Vercel employee’s token, the attacker accessed that employee’s Google Workspace — bypassing password and MFA challenges, because a valid OAuth token doesn’t trigger them.

4. From inside the Workspace, the attacker enumerated and pivoted to internal Vercel systems, ultimately reaching customer environment variables.

5. Vercel has confirmed that environment variables marked as “sensitive” were protected differently and not part of the exposed set. Services remained operational throughout.

What Vercel Got Right

Before the analysis, credit where it’s due. Vercel disclosed quickly. They named the third-party vector publicly rather than deflect. They published indicators of compromise. They protected customers whose secrets were marked sensitive. Not every company handles a breach this cleanly, and the security industry is better off when disclosure is the default.

The Structural Problem

Here’s the part that matters beyond Vercel.

Every company today runs an unseen, undocumented identity supply chain. It doesn’t live in package-lock.json. It lives in the OAuth consent screens your employees clicked through the first time they tried a new SaaS tool, and in the long-lived API keys sitting in environment variables, Kubernetes secrets, and CI/CD config files.

Two assumptions the industry has been taking for granted are now breaking:

Assumption 1: OAuth tokens are safe because the user approved them.

Reality: The user approved the vendor, once, months or years ago. The token is now a password with no expiration and no review.

Assumption 2: Environment variables are safe because they’re not in the code.

Reality: They’re just as static, just as long-lived, and just as valuable to an attacker as credentials committed to a repo — arguably more, because they’re production.

What to Do This Week

Audit every OAuth app with “Allow All” or broad Workspace scopes. Revoke anything unused or over-scoped.
Inventory every static API key older than 90 days. Treat them as already-compromised until rotated.
Separate sensitive from non-sensitive environment variables explicitly. If your platform supports it, move anything that grants production access to dedicated sensitive handling.
Reduce lifetimes. Anywhere you can swap a static key for a dynamic, just-in-time credential, do it.
Put AI-agent identities on the same footing as service accounts. They need issuance, rotation, and revocation like any other non-human identity.
Review logs, deployments, and access paths associated with affected systems.

All of this is necessary, although it doesn’t change the underlying problem: the credentials themselves still live too long.

Why Ephemeral Secrets Change the Outcome

As the Vercel breach makes clear, the initial compromise is rarely the story, the real issue is what the attacker finds.

A static secret is a promise: “This key will keep working.” An ephemeral secret is a limited transaction: “This credential exists for the next 15 minutes, for this one workload, for this one purpose.”

Attackers want the promise; they can’t monetize the transaction.

How Just-in-Time Secrets Work

A just-in-time (JIT) secret is generated at the moment a workload or user needs access, valid only for that session, and destroyed automatically when the session ends. Instead of an application reading a long-lived API key out of an environment variable, it requests a credential from a secrets platform, uses it, and lets it expire.

The implementation details vary, but the principle is consistent: credentials are created on demand, scoped to a specific task, and automatically expire without requiring manual rotation.

Blast-Radius Math

That shift changes the math of a breach. A static API key with no rotation policy has a useful lifetime, from an attacker’s perspective, of approximately “forever, or until someone notices.” Real-world disclosures routinely reveal keys that were stolen months before being used.

Contrast this with a JIT credential with a 15-minute TTL. From an attacker’s perspective, it has a useful lifetime of at most 15 minutes. And crucially, that window starts when the credential was legitimately issued, not when it’s stolen. A credential stolen 20 minutes after issuance is already dead.

This matters for incident response too. When the Vercel breach hit, a significant number of companies spent the weekend rotating credentials by hand across every affected system. With JIT credentials, there is no “rotation event,” every new session is already a new credential. The incident response for the same class of breach collapses from a multi-day fire drill to a targeted, minutes-long review.

This Isn’t Just a Vault Problem

Isn’t this just a vault? No, and the distinction matters. A vault protects a secret at rest. It encrypts it, controls who can read it, and logs access. These are necessary properties, but they do not change the nature of the secret itself. A stolen, long-lived secret retrieved through legitimate vault access still works wherever it works.

An ephemeral-secrets architecture changes the nature of the secret. It moves the security property from “hard to read” to “useless if stolen.” Those two properties compose; modern platforms offer both.

What This Looks Like in Practice With Akeyless

If you take that model seriously, you need infrastructure that can actually issue, scope, and remove credentials continuously. This is where Akeyless comes in.

Akeyless is a SaaS secrets-management platform built around three architectural commitments that speak directly to the Vercel class of breach:

Dynamic, just-in-time secrets across databases, cloud providers, SSH, and AI agents, so the credentials in your runtime environment don’t outlive the session that needs them.
Distributed Fragments Cryptography™ (DFC™) — encryption-key fragments are distributed and constantly refreshed, so secrets can’t be decrypted outside your environment, even by us.
Unified visibility across every cloud, SaaS, and AI system in your stack, so OAuth sprawl and secret sprawl become measurable rather than theoretical.

In practice, this model shows up differently depending on the system:

For databases, Akeyless generates a temporary user with a scoped role at request time, and deletes it when the session ends.
For cloud providers, Akeyless federates with IAM to issue short-lived tokens instead of distributing long-lived access keys.
For SSH, Akeyless issues signed certificates that expire in minutes, eliminating the need to distribute static private keys.
For AI agents, Akeyless allows agents to retrieve credentials on demand without ever storing them locally — which matters because agents introduce entirely new paths for secret exposure.

The common thread is simple: there is nothing persistent left behind for an attacker to reuse.

What This Doesn’t Solve

To be clear: ephemeral secrets don’t prevent the initial OAuth compromise in a Context.ai-style incident. No secrets platform does. What they change is the value of what the attacker finds when they pivot. A compromised employee account that enumerates internal systems and finds only short-lived, scoped credentials is a much less productive breach than one that finds static API keys.

The right mental model is defense in depth for identity:

OAuth hygiene, least-privilege scopes, and consent review at the edge
Ephemeral, scoped credentials everywhere underneath

Next Steps

The Vercel breach will not be the last of its kind. OAuth sprawl is going to keep growing. AI agents acting on behalf of employees will keep accumulating scopes. Static secrets will keep aging in environment variables until someone finds them.

We already laid out what steps to take this week but those don’t change the underlying model that made the breach valuable in the first place. The durable answer isn’t a better vault. It’s a different kind of secret: one that is generated on demand, scoped to a single session, and destroyed automatically when the session ends.
To see what that looks like in your own environment, request a secrets architecture review and demo with the Akeyless team.

Table of Contents

Frequently Asked Questions

Breach Analysis & Security Lessons