Eleven days after Vercel disclosed that its internal-systems breach traced back to a Context.ai Google Workspace OAuth grant whose scope predated the incident, the company has not published a revised OAuth-scope policy, has not named a third-party AI vendor allowlist, and no CISA advisory has pushed the broader Workspace-OAuth pattern to other tenants. This paper's earlier report that Vercel confirmed the breach reaches beyond Context.ai framed the predates-the-incident admission as the procurement story beneath the breach story. The eleven-day silence on remedy is now the story itself.
The chain is documented. Per Security Boulevard's reconstruction and BleepingComputer's confirmation, a Context.ai employee downloaded a Roblox-cheat malware bundle that hijacked the session, the attacker pivoted into a long-lived OAuth token granted to Context.ai by a Vercel administrator, and the token's scope — broader than the Context.ai integration required — let the attacker enumerate environment variables across non-sensitive Vercel resources. [1][3] ShinyHunters has posted a $2 million ransom demand for the stolen data. [2] Vercel chief executive Guillermo Rauch acknowledged the chain in an X disclosure on April 19; the company has not posted a follow-up since.
The procurement question is the one Rauch's silence amplifies. AI vendor integrations under Google Workspace require admin-level OAuth grants whose scope is set at install time and rarely audited afterward. A Series F company that markets itself on developer security has not, in eleven days, said which AI vendors retain admin-level grants in its tenant, which scopes were tightened after the incident, or what its allowlist policy will be. Procurement teams at three Fortune 500 customers, polled informally on Slack channels frequented by platform engineers, have begun preparing internal questionnaires that name Vercel directly. The disclosure now functions as a procurement filter for buyers who use the same Workspace patterns.
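For readers auditing their own tenants, an added example of the post-install scope check the article describes as rarely performed; it is not Vercel's or Context.ai's code. It assumes grant records in the shape the Admin SDK Directory API tokens.list call returns, and the client IDs, allowlist and high-privilege scope list are constructed for illustration.

```python
"""Audit Workspace OAuth grants against a vendor allowlist (added example, not Vercel code).
Grant records are assumed to match the Admin SDK Directory API tokens.list shape
(userKey, clientId, displayText, scopes); the inventory below is constructed."""
from dataclasses import dataclass

APPROVED = "111111-approved.apps.googleusercontent.com"  # constructed client ID
EMAIL = "https://www.googleapis.com/auth/userinfo.email"
DRIVE_RO = "https://www.googleapis.com/auth/drive.readonly"
DRIVE = "https://www.googleapis.com/auth/drive"
# Scopes that confer broad tenant data or admin access (hypothetical policy list).
HIGH_PRIVILEGE_SCOPES = {DRIVE, "https://mail.google.com/",
                         "https://www.googleapis.com/auth/admin.directory.user"}
# Allowlist: approved vendor client ID -> the scopes it may hold.
VENDOR_ALLOWLIST = {APPROVED: {EMAIL, DRIVE_RO}}
# Constructed tokens.list-style inventory: one clean grant, one over-scoped, one unlisted vendor.
SAMPLE_GRANTS = [
    {"userKey": "admin@example.test", "clientId": APPROVED,
     "displayText": "Approved AI Assistant", "scopes": [EMAIL, DRIVE_RO]},
    {"userKey": "admin@example.test", "clientId": APPROVED,
     "displayText": "Approved AI Assistant", "scopes": [EMAIL, DRIVE]},
    {"userKey": "ops@example.test", "clientId": "222222-unreviewed.apps.googleusercontent.com",
     "displayText": "Unreviewed Notetaker", "scopes": [EMAIL]},
]

@dataclass(frozen=True)
class Finding:
    user: str
    client_id: str
    app: str
    reason: str       # "not on allowlist" or "scopes exceed approved set"
    scopes: tuple     # the scopes that triggered the finding
    severity: str     # "high" if a triggering scope is in HIGH_PRIVILEGE_SCOPES

def audit_grants(grants, allowlist=VENDOR_ALLOWLIST, high_priv=HIGH_PRIVILEGE_SCOPES):
    """Return a Finding for each grant to an unlisted vendor or beyond its approved scopes."""
    findings = []
    for g in grants:
        held = set(g.get("scopes", []))
        approved = allowlist.get(g["clientId"])
        if approved is None:
            reason, flagged = "not on allowlist", held
        else:
            reason, flagged = "scopes exceed approved set", held - approved
        if not flagged:
            continue  # approved vendor operating within its approved scope set
        severity = "high" if flagged & high_priv else "medium"
        findings.append(Finding(g["userKey"], g["clientId"], g.get("displayText", ""),
                                reason, tuple(sorted(flagged)), severity))
    return findings
```

Run against a real tenant by replacing SAMPLE_GRANTS with the tokens.list output for each admin user; a "high" finding is the over-scoped, long-lived grant the article says was not revisited after install.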
The federal silence compounds it. The Cybersecurity and Infrastructure Security Agency has not issued an advisory pushing the AI-vendor-OAuth pattern to other Google Workspace tenants. The Federal Trade Commission's 2025 endpoint-security order specifically warned about supply-chain entry vectors of this shape; it has not been invoked. The FBI's IC3 has not posted a flash on the pattern. Eleven days into the first publicly attributed supply-chain breach where the entry vector is an AI vendor's OAuth grant rather than a CVE or phishing kit, the federal cybersecurity bureaucracy has produced no paper.
The press-freedom-wartime thread the paper has carried since March intersects this story at the silence-as-policy register. Pentagon silence on the Minab school strike, Stars and Stripes silence three days after Smith's removal, and Vercel silence on OAuth remedy are not equivalent — the first two are state silences, the third is corporate. They share an operating posture: who can speak about which artifact, and on what timetable.
What the next ten days will test is whether a CISA advisory, a Vercel allowlist publication, or a customer-facing OAuth-scope reset arrives before procurement teams move. If not, the procurement story becomes the breach story, and the eleven-day window will read in retrospect as the moment a security-marketed company chose not to put its policy in writing.
-- THEO KAPLAN, San Francisco