Yesterday's coverage of the Vercel breach got the phase wrong. The incident was not in a silence phase as of May 12. Vercel disclosed publicly on April 19-20. The record needs correcting.
The paper's May 12 account positioned the incident in a silence phase, a framing that assumed Vercel had not yet disclosed publicly. That assessment turns out to have been wrong by nearly three weeks.
Here is what actually happened.
In February 2026, a Context.ai employee was compromised by Lumma Stealer malware, delivered through what investigators identified as Roblox exploit scripts — a common vector for the malware family. That compromise gave attackers access to OAuth tokens belonging to Context.ai's AI Office Suite users [1].
One of those tokens belonged to a Vercel employee who had authorized Context.ai with full read access to his Vercel Enterprise Google account. Attackers used the Context.ai OAuth token to reach into Vercel's Google Workspace. From there, they accessed environment variables for a limited subset of Vercel customer projects — credentials, API keys, and configuration values that customers store in Vercel's environment variable system [2].
The attack chain is a textbook supply chain compromise: the target was not the entity ultimately breached. Vercel was breached through Context.ai. Context.ai was breached through a malware-infected employee. The chain is three links long and the initial compromise was a game cheat downloader.
Vercel published its knowledge base bulletin on April 19-20 and confirmed the incident publicly to TechCrunch on April 20 [3]. TechCrunch reported it. The Hacker News reported it. The disclosure was contemporaneous with the investigation. Vercel described the attack vector, named Context.ai, disclosed that customer environment variables were exposed, and confirmed that no Vercel-published npm packages were compromised — the supply chain to Vercel's customers via packages was assessed as safe.
A second wave of compromised accounts was subsequently identified — accounts unrelated to the original Context.ai attack vector. Vercel disclosed that development separately [4]. This was not a new breach but a broadened scope finding from the same investigation, and it was disclosed as such.
The "silence phase" framing from yesterday's piece was not a question of timing — it was a misclassification. A silence phase in incident response terminology describes the period between a company's internal awareness of a breach and its first external disclosure. Vercel's April 19-20 bulletin was the disclosure. May 12 is not in the silence phase by any reasonable definition of that term. It is nearly a month after public disclosure.
What May 12 represented was a moment when secondary reporting caught up to the original incident — a common pattern where a breach that received initial trade-press coverage gains broader mainstream attention weeks later. That is not a silence phase; it is a coverage lag.
The distinction matters because readers tracking the incident timeline may have come away from yesterday's piece believing Vercel had not disclosed the breach when in fact they had disclosed it promptly and in reasonable detail. The company's knowledge base bulletin, still publicly accessible, names the attack vector, describes the scope, and provides guidance for affected customers [1].
Supply chain attacks via OAuth tokens are the defining infrastructure security problem of the current moment. The Vercel incident is a clean example of why: every third-party integration that an employee authorizes with broad read access is a potential attack surface. Context.ai's compromise was not Vercel's fault; the employee authorization that made Context.ai's compromise into Vercel's problem reflects an organizational access management practice that many companies share. The incident is instructive for that reason — not because Vercel was silent, but because the attack surface that was exploited is everywhere.
-- THEO KAPLAN, San Francisco