Vercel has now gone twelve days without publishing the OAuth-scope review or vendor-policy update it promised after the April 19 breach disclosure. On day twelve, the plaintiffs' bar arrived. Class Action U. is publicly soliciting affected Vercel customers under the "limited subset" disclosure language, converting the procurement story this paper named yesterday into a litigation story. The vendor-policy artifact remains absent. [1]
The litigation surface is what changes between day eleven and day twelve. Yesterday's framing was that an eleven-day silence after a breach is itself a procurement-risk signal — buyers cannot evaluate the vendor's safeguards without seeing the policy update they have been promised. Class-action solicitation is the next layer down: plaintiffs' lawyers gathering named affected customers to file complaints alleging inadequate security measures, breach-disclosure timing failures, and contract-of-adhesion terms that may not survive an arbitration challenge. Vercel's terms of service require individual dispute resolution and waive class-action rights, which is the standard cloud-vendor posture. Whether that waiver holds when the window between a vendor's OAuth-scope compromise and its public disclosure can be measured in weeks is a question that has been litigated and re-litigated, and the answer often depends on the specific facts of the breach. [2]
The breach itself: ShinyHunters, or actors claiming the affiliation, listed alleged Vercel internal data on BreachForums in mid-April for a $2 million ransom — including API keys, NPM tokens, GitHub tokens, and source code. The attack vector traces back through Context AI, which had OAuth permissions in Vercel's Google Workspace; at least one Vercel employee signed up for the AI Office Suite with a Vercel enterprise account and granted "Allow All" permissions. The unauthorized access window appears to have opened in February, eight weeks before public disclosure. [3] The attack follows the same OAuth supply-chain pattern that has produced incidents at multiple SaaS vendors over the past eighteen months.
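The failure the breach narrative turns on is an employee granting a third-party app broad OAuth scopes on an enterprise Google Workspace account. The following is an added example, not Vercel's tooling or anything taken from the incident, of the kind of grant review the still-unpublished OAuth-scope review would rest on: it takes a token inventory in the shape of the Admin SDK Directory API tokens.list response (the field names, client IDs and scope list are assumptions, and the grants are constructed) and flags unapproved apps holding mailbox- or Drive-wide scopes.

```python
"""Review third-party OAuth grants in a Google Workspace tenant (added example).
Sample data is constructed and mirrors the Admin SDK Directory API tokens.list
shape (userKey / clientId / displayText / scopes); that shape is an assumption."""
import json

# Scopes that give an app mailbox- or Drive-wide access (illustrative list).
HIGH_RISK_SCOPES = {
    "https://mail.google.com/": "full Gmail read/write/delete",
    "https://www.googleapis.com/auth/drive": "full Drive read/write",
    "https://www.googleapis.com/auth/admin.directory.user": "directory user admin",
}
# Client IDs the tenant has actually vetted (placeholder values).
APPROVED_CLIENT_IDS = {"111111111111-approved-sso.apps.googleusercontent.com"}

SAMPLE_TOKENS = json.loads("""{"items": [
 {"userKey": "alice@example.test", "displayText": "Approved SSO",
  "clientId": "111111111111-approved-sso.apps.googleusercontent.com",
  "scopes": ["openid", "email"]},
 {"userKey": "bob@example.test", "displayText": "Unvetted AI Suite",
  "clientId": "222222222222-unvetted-ai.apps.googleusercontent.com",
  "scopes": ["https://mail.google.com/", "https://www.googleapis.com/auth/drive", "openid"]},
 {"userKey": "carol@example.test", "displayText": "Calendar helper",
  "clientId": "333333333333-calendar.apps.googleusercontent.com",
  "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]}
]}""")


def review_grants(token_list, approved=APPROVED_CLIENT_IDS,
                  high_risk=HIGH_RISK_SCOPES):
    """One finding per grant to an unapproved app. Broad scopes make it
    'high'; an unapproved app with only narrow scopes is still listed as
    'review' so the inventory handed to the scope review is complete."""
    findings = []
    for tok in token_list.get("items", []):
        if tok["clientId"] in approved:
            continue  # vetted app: nothing to report
        risky = sorted(s for s in tok.get("scopes", []) if s in high_risk)
        findings.append({"user": tok["userKey"],
                         "app": tok.get("displayText", tok["clientId"]),
                         "client_id": tok["clientId"],
                         "high_risk_scopes": risky,
                         "severity": "high" if risky else "review"})
    return findings


if __name__ == "__main__":
    for f in review_grants(SAMPLE_TOKENS):
        print(f"[{f['severity']}] {f['user']} -> {f['app']}: "
              f"{', '.join(f['high_risk_scopes']) or 'no high-risk scopes'}")
```

In a real tenant the `items` list would come from the Directory API (or an exported token report) per user, and the approved set from the vendor register the procurement side maintains.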
What makes Vercel's silence unusual is that the company is not a small SaaS vendor whose response framework is uncertain. Vercel hosts Next.js — six million weekly downloads — and is structurally embedded in the front-end of a meaningful share of the modern web. The Next.js maintainership is part of why the procurement community has been watching Vercel's posture: a security-disclosure failure that cascaded through Next.js would be a structural problem for the JavaScript ecosystem, not just for Vercel customers. The silence on the policy artifact, eleven days yesterday and twelve today, is therefore being read by procurement leads as a vendor-maturity signal regardless of whether the underlying breach was bigger or smaller than described.
The class-action solicitation is procedurally normal in U.S. consumer-data-breach litigation but structurally unusual at this stage. Most class-action solicitations follow either (a) a clear breach-notification letter that triggers state-law consumer-protection remedies, or (b) a regulatory action — FTC, state AG — that establishes a duty-of-care benchmark. Vercel has produced an April 2026 security incident bulletin but has not produced a comprehensive breach-notification mailing tied to a regulatory finding. The plaintiffs' bar is therefore moving on the public disclosure plus the BreachForums posting plus the customer reports of stolen credentials, rather than waiting for a regulator. That is faster than the typical timeline. [4]
For procurement leads, the binary is now: continue using Vercel as a vendor while the OAuth-scope review remains unpublished, or initiate replatforming. The procurement-risk window has narrowed because Class Action U.'s solicitation creates a public record of customers identifying themselves as affected. Any Vercel customer waiting to see what the vendor publishes is now also exposed to a litigation cycle they did not plan to be part of. The internal procurement memos this paper has been hearing about all week now have a litigation-cost line they did not have before.
The Apr 19 disclosure window cracks open at twelve days. The Apr 29 ShinyHunters $2M ransom claim sits in the file. The Apr 30 procurement frame sits one day older. The May 1 class-action solicitation is the sequence's first public legal artifact. The vendor-policy update Vercel promised on April 19 is still unpublished. The OAuth-scope review is still unpublished. What is published, on day twelve, is plaintiff-side counsel asking affected customers to come forward.
The cross-thread is to Cerebras's roadshow slip and Florida's OpenAI subpoenas. Three different AI-or-AI-adjacent companies are now in a discovery posture this week — Vercel because of plaintiffs, OpenAI because of two state AGs and a federal court, Cerebras's prospectus because the OpenAI counterparty is in the first two. Procurement risk and litigation risk and disclosure risk are now a single ledger in the AI-infrastructure stack.
-- MAYA CALLOWAY, New York