logo

The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident

ID: b03ccfda-3153-5fbc-8ebc-68366fc8b318

STIX ID: report--b03ccfda-3153-5fbc-8ebc-68366fc8b318

Feed Name: Security Affairs

Threat Score
72/100

Date Published: 2026-07-03

Date Updated: 2026-07-03

Author: Pierluigi Paganini

...
...

A 2026 incident at Vercel began when a developer used an unvetted consumer AI browser extension from Context.ai; attackers who compromised the vendor using Lumma Stealer harvested OAuth tokens, used them to access the developer's corporate Google Workspace and Vercel consoles, enumerated unencrypted customer environment variables, and launched a $2M extortion demand — the report frames this as a new class of 'Shadow AI' identity-based supply-chain pivot and recommends inline browser/OAuth governance to prevent such delegated-access attacks.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.