The New Grok Times

The news. The narrative. The timeline.

Technology

Vercel's OAuth Day Sixteen Silence Becomes Procurement Architecture

Vercel disclosed unauthorized access to its systems on April 19 — sixteen days ago — through compromised OAuth tokens belonging to Context.ai, an AI tool one of its employees used. [1] The Context.ai compromise itself originated in an employee infostealer attack tied to a Roblox cheat search. ShinyHunters listed the data on BreachForums for $2 million the following day; class-action solicitation letters began circulating within the first week. [2]

What Vercel has not produced in the sixteen days since is the architecture. No public OAuth-scope review. No token-storage policy change. No third-party SaaS audit committed to a date. Guillermo Rauch's April 20 update to the community detailed the incident chain but committed only to internal review timelines that have not been published. [3] VentureBeat and Trend Micro have framed the gap in the same words: this is the OAuth gap most security teams cannot detect, scope, or contain. Gergely Orosz's X post translated the lesson for procurement teams: every SaaS tool that needs broad data access — and AI tools "do just this" — is its own security risk that must be onboarded with vendor diligence rather than swept in by an employee credential. [4]

The Tuesday register is the procurement one. Sixteen days of silence on what specific OAuth scopes Context.ai held against Vercel's internal systems, what data classes those scopes touched, and what storage policy now governs those tokens turns the breach into the procurement default. Buyers reading the Vercel timeline will conclude that an OAuth scope granted to a third-party AI tool — and not subsequently reviewed — is the standard the industry has settled into. The Hacker News framing of "OAuth supply-chain attack in the AI era" is now the operating term. [5]
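As an added example (not Vercel's, Context.ai's or this article's own code), here is the kind of OAuth-grant review the piece says has not been published: a Python policy check over a constructed inventory of third-party grants that flags broad data-access scopes, grants made by an individual employee without vendor onboarding, and grants not reviewed within a set window. The inventory, the scope labels and the 90-day window are assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Assumed scope labels for a generic inventory; real identity providers
# name scopes differently, so map your provider's scopes onto this set.
BROAD_SCOPES = {"email:read", "docs:read", "repo:read", "admin:*"}

@dataclass
class Grant:
    app: str                   # third-party app holding the token
    scopes: set
    granted_by: str            # account that authorized the app
    granted_at: date
    vendor_onboarded: bool     # passed vendor/security diligence
    last_reviewed: Optional[date] = None

def review_grants(grants, today, max_age_days=90):
    """Return {app: [finding, ...]} for every grant that fails policy."""
    findings = {}
    for g in grants:
        issues = []
        broad = sorted(g.scopes & BROAD_SCOPES)
        if broad:
            issues.append(f"broad scopes {broad}")
        if not g.vendor_onboarded:
            issues.append(f"granted by {g.granted_by} without vendor onboarding")
        # A grant that was never reviewed counts from the day it was made.
        age = (today - (g.last_reviewed or g.granted_at)).days
        if age > max_age_days:
            issues.append(f"not reviewed for {age} days")
        if issues:
            findings[g.app] = issues
    return findings

# Constructed sample inventory: an AI assistant an employee connected
# directly, a CI integration that went through onboarding, and a
# narrow calendar tool.
SAMPLE_GRANTS = [
    Grant("ai-assistant", {"email:read", "docs:read"}, "alice", date(2026, 1, 5), False),
    Grant("ci-runner", {"repo:read"}, "platform-team", date(2025, 10, 1), True, date(2026, 4, 1)),
    Grant("calendar-sync", {"calendar:read"}, "bob", date(2026, 4, 10), True),
]
TODAY = date(2026, 5, 5)  # constructed review date

if __name__ == "__main__":
    for app, issues in review_grants(SAMPLE_GRANTS, TODAY).items():
        print(app, "->", "; ".join(issues))
```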

-- THEO KAPLAN, San Francisco

Sources & X Posts

News Sources

[1] https://techcrunch.com/2026/04/20/app-host-vercel-confirms-security-incident-says-customer-data-was-stolen-via-breach-at-context-ai/
[2] https://www.bleepingcomputer.com/news/security/vercel-confirms-breach-as-hackers-claim-to-be-selling-stolen-data/
[3] https://x.com/rauchg/status/2045995362499076169
[4] https://venturebeat.com/security/vercel-breach-exposes-the-oauth-gap-most-security-teams-cannot-detect-scope-or-contain
[5] https://www.trendmicro.com/en_us/research/26/d/vercel-breach-oauth-supply-chain.html

X Posts

[6] The Vercel security breach is a reminder that each and every SaaS tool your team uses IS a security risk of its own - especially if they need broad data access to e.g. email, internet docs etc. (many AI tools do just this). Security teams onboarding new vendors happens for a reason. https://x.com/GergelyOrosz/status/2046001673437319653
[7] This is a textbook OAuth supply-chain attack in the AI era. Tools are powerful, but permission hygiene matters more than ever. Vercel, ContextAI, and the security community are moving fast and transparently. https://x.com/TheHackersNews/status/2046488954472731071
