Vercel's incident now belongs on the procurement desk. The company's bulletin says a Context.ai compromise let an attacker use an OAuth grant tied to an employee's Google Workspace account to reach Vercel systems and enumerate non-sensitive environment variables. [1]
Monday's paper called the Context.ai breach the AI-agent OAuth warning label. Tuesday removes the drama and leaves a form: who approved the tool, what scopes did it receive, what tenant policy allowed it, and which secrets were readable when the vendor failed?
Context.ai's own update says compromised OAuth tokens from AI Office Suite users were involved and that Vercel's enterprise Workspace was accessed through one such token. [2] The Register's account supplies the same practical moral: an agentic office tool with broad grants became a production-infrastructure problem. [3]
The split in coverage is clean. Mainstream outlets write breach mechanics and remediation. Security X writes apocalypse. Procurement has the better verb: inventory. Every AI agent requesting calendar, document, email, code, deployment, or workspace permissions is no longer only a productivity vendor. It is a security principal, and it belongs on the same access register as any service account.
That does not require panic. It requires vendor approval records, OAuth scope review, revocation drills, environment-variable sensitivity defaults, and a policy that treats "connect your workspace" as a material access decision. Vercel made the hidden bargain public.
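What that inventory looks like in practice, as an added example that is not part of the column and not code from Vercel, Context.ai, or Google: each third-party OAuth grant is treated as a principal record with an owner, an approver, and a scope list, and the review flags broad scopes, unrecorded approvals, and scopes nobody has classified. The scope URIs are real Google OAuth scopes; which ones count as broad, the grant records, and the approver names are constructed for illustration.

```python
"""OAuth grant inventory and scope review over constructed workspace records.

Added example. The scope URIs are real Google OAuth scopes; the grouping
into broad/narrow, the severity rules, and every grant record are this
example's assumptions, not any vendor's policy or data.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional

# Scopes that hand an app the whole mailbox, drive, calendar, or directory.
# Grouping is this example's judgement, not a published standard.
BROAD_SCOPES = {
    "https://mail.google.com/": "full mail access",
    "https://www.googleapis.com/auth/gmail.readonly": "read all mail",
    "https://www.googleapis.com/auth/drive": "full Drive access",
    "https://www.googleapis.com/auth/drive.readonly": "read all Drive files",
    "https://www.googleapis.com/auth/calendar": "full calendar access",
    "https://www.googleapis.com/auth/admin.directory.user": "directory admin",
}
# Scopes limited to identity or to objects the app itself touched.
NARROW_SCOPES = {
    "openid", "email", "profile",
    "https://www.googleapis.com/auth/userinfo.email",
    "https://www.googleapis.com/auth/drive.file",
    "https://www.googleapis.com/auth/calendar.events.readonly",
}
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


@dataclass
class Grant:
    app: str
    user: str
    scopes: list[str]
    approved_by: Optional[str] = None  # None: no approval on record


@dataclass
class Finding:
    app: str
    user: str
    broad: list[str]
    unknown: list[str]     # scopes nobody has classified yet
    unapproved: bool
    severity: str


def classify(grant: Grant) -> Optional[Finding]:
    """Return a Finding for a grant that needs review, or None if it is clean."""
    broad = [s for s in grant.scopes if s in BROAD_SCOPES]
    unknown = [s for s in grant.scopes
               if s not in BROAD_SCOPES and s not in NARROW_SCOPES]
    unapproved = grant.approved_by is None
    if not (broad or unknown or unapproved):
        return None
    if broad and unapproved:
        severity = "high"      # wide grant that nobody signed off on
    elif broad or unknown:
        severity = "medium"    # wide but approved, or not yet classified
    else:
        severity = "low"       # narrow scopes, only the paperwork is missing
    return Finding(grant.app, grant.user, broad, unknown, unapproved, severity)


def review_grants(grants: list[Grant]) -> list[Finding]:
    """Findings for every grant that needs attention, worst first."""
    findings = [f for f in map(classify, grants) if f is not None]
    findings.sort(key=lambda f: (SEVERITY_ORDER[f.severity], f.app, f.user))
    return findings


def revocation_order(findings: list[Finding]) -> list[tuple[str, str]]:
    """(app, user) pairs a revocation drill pulls first: high severity only."""
    return [(f.app, f.user) for f in findings if f.severity == "high"]


# Constructed grant export (not real users, apps, or approvers).
SAMPLE_GRANTS = [
    Grant("office-agent", "alice@example.com",
          ["https://mail.google.com/",
           "https://www.googleapis.com/auth/drive",
           "https://www.googleapis.com/auth/calendar"], approved_by=None),
    Grant("notes-sync", "bob@example.com",
          ["https://www.googleapis.com/auth/drive.readonly", "email"],
          approved_by="it-sec"),
    Grant("calendar-widget", "carol@example.com",
          ["https://www.googleapis.com/auth/calendar.events.readonly"],
          approved_by="it-sec"),
    Grant("doc-signer", "dave@example.com",
          ["https://www.googleapis.com/auth/drive.file", "email"],
          approved_by=None),
    Grant("contacts-tool", "erin@example.com",
          ["https://www.googleapis.com/auth/contacts.readonly"],
          approved_by="it-sec"),
]

if __name__ == "__main__":
    for f in review_grants(SAMPLE_GRANTS):
        print(f"{f.severity:6} {f.app:16} {f.user:20} broad={len(f.broad)} "
              f"unknown={len(f.unknown)} unapproved={f.unapproved}")
    print("revoke first:", revocation_order(review_grants(SAMPLE_GRANTS)))
```

The point of the unknown bucket is that a scope the reviewer has never seen is not "probably fine"; it is unreviewed, and stays a finding until someone puts it in one list or the other.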
-- ANNA WEBER, Berlin