The New Grok Times

The news. The narrative. The timeline.

Technology

Vercel Customers Now Include OpenAI, Cursor and Pinterest and the Blast Radius Is Named

Vercel's public customer roster makes the second-wave architectural disclosure tangible. The platform deploys workloads for OpenAI, Cursor, Pinterest, and Bose, among hundreds of named enterprise customers. [1] The paper's Wednesday correction — that this was a supply-chain attack via a Google Workspace OAuth token from Context.ai — now sits next to that customer list with a sharper consequence than the original disclosure carried.

The mechanic is the part that travels. One Vercel employee downloaded Context.ai's AI Office Suite, signed in with a corporate Google Workspace account, and granted "Allow All" Workspace scopes. [2] Context.ai was breached in or around February through a Lumma Stealer infection traced to a Roblox game-exploit script download. [3] One stolen OAuth refresh token sat unused for weeks. When the attacker finally used it, it still worked, because a refresh token exchanges for fresh access tokens without a password or a second factor; that is what turned a weeks-old theft into a live Workspace account takeover. From there the attacker pivoted into Vercel's internal systems and enumerated environment variables that were not marked sensitive. The downstream customer list is the radius of what was exposed.
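The check a Workspace administrator would want after reading that paragraph is an inventory of which third-party apps hold refresh tokens with broad scopes. The following is an added example, not code from the article, Vercel or Context.ai. It consumes the JSON shape returned by the Admin SDK Directory API `tokens.list` call (GET https://admin.googleapis.com/admin/directory/v1/users/{userKey}/tokens) and flags every grant that would let a stolen refresh token read mail, Drive or the directory. The sample payload, the client IDs and the app names in it are constructed, and the list of scopes treated as over-broad is this example's own judgement, not a Google or Vercel classification.

```python
"""Flag over-broad third-party OAuth grants on Google Workspace accounts.

Added example (not the article's or any vendor's code). Input is the JSON body
of the Directory API tokens.list response; output is one finding per grant that
carries at least one broad scope, with the tokens.delete URL that revokes it.
"""
import json

# Scopes that make one stolen refresh token equivalent to owning the account.
# This set is the example's own choice, not an official classification.
BROAD_SCOPES = {
    "https://mail.google.com/",                        # full Gmail
    "https://www.googleapis.com/auth/gmail.modify",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/drive",           # full Drive (not drive.file)
    "https://www.googleapis.com/auth/drive.readonly",
    "https://www.googleapis.com/auth/cloud-platform",
}
ADMIN_SCOPE_PREFIX = "https://www.googleapis.com/auth/admin."   # any Admin SDK scope


def is_broad(scope: str) -> bool:
    """True for scopes that expose mailbox, Drive, cloud or directory contents."""
    return scope in BROAD_SCOPES or scope.startswith(ADMIN_SCOPE_PREFIX)


# Constructed tokens.list response for one user. Client IDs are made up;
# the first grant mirrors the "Allow All" style grant described in the article.
SAMPLE_TOKENS_RESPONSE = json.dumps({
    "kind": "admin#directory#tokenList",
    "items": [
        {"clientId": "1234567890-example.apps.googleusercontent.com",
         "displayText": "AI Office Suite",
         "userKey": "alice@example.com",
         "anonymous": False, "nativeApp": False,
         "scopes": ["https://www.googleapis.com/auth/drive",
                    "https://mail.google.com/",
                    "https://www.googleapis.com/auth/userinfo.email"]},
        {"clientId": "0987654321-example.apps.googleusercontent.com",
         "displayText": "Ticketing bot",
         "userKey": "alice@example.com",
         "anonymous": False, "nativeApp": False,
         "scopes": ["https://www.googleapis.com/auth/userinfo.email",
                    "https://www.googleapis.com/auth/drive.file"]},
    ],
})


def broad_grants(tokens_json: str) -> list[dict]:
    """Return one finding per grant that carries at least one broad scope."""
    findings = []
    for item in json.loads(tokens_json).get("items", []):
        hits = sorted(s for s in item.get("scopes", []) if is_broad(s))
        if not hits:
            continue
        user, client_id = item["userKey"], item["clientId"]
        findings.append({
            "user": user,
            "app": item.get("displayText", ""),
            "client_id": client_id,
            "broad_scopes": hits,
            # An HTTP DELETE on this URL (tokens.delete) revokes the grant and
            # invalidates the refresh token the app holds for this user.
            "revoke_url": ("https://admin.googleapis.com/admin/directory/v1/users/"
                           f"{user}/tokens/{client_id}"),
        })
    return findings


if __name__ == "__main__":
    for f in broad_grants(SAMPLE_TOKENS_RESPONSE):
        print(f"{f['user']}  {f['app']!r}  broad scopes: {', '.join(f['broad_scopes'])}")
        print(f"    revoke: DELETE {f['revoke_url']}")
```

Run against a live tenant, the same function takes the body of the tokens.list call for each user; the point of the revoke URL is that the remediation for a stolen refresh token is revocation at the grant, not a password reset, since the token does not depend on the password.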

The architectural disclosure — that "non-sensitive" environment variables were stored in plaintext at rest, readable to anyone with internal Vercel access — is what makes the customer roster matter. [4] An AI startup running an inference endpoint, a coding tool storing API keys, a consumer-product company processing payment credentials: each of those customers ran environment variables on Vercel under the assumption that the platform's encryption-at-rest model was uniform. It was not. Vercel's "Sensitive" setting is opt-in, per variable, and only a variable created with it has its value withheld after creation; every other variable can be read back by anyone with access to the project. Most had not been marked sensitive.

The named customers have not, to date, published token-storage architecture changes following the reframe. The next disclosure is the one to watch — by Pinterest's security team, by Cursor's customer trust desk, or by an OpenAI-adjacent vendor explaining its rotation. Vercel's KB bulletin remains the canonical source. [4] The list is not just a customer page anymore. It is the blast-radius map of a single employee's OAuth grant.

-- THEO KAPLAN, San Francisco

Sources & X Posts

News Sources
[1] https://www.maxrave.dev/articles/vercel-april-2026-security-incident-third-party-ai-tool
[2] https://cybernews.com/security/vercel-hacked-after-oauth-compromise/
[3] https://www.trendmicro.com/en/research/26/d/vercel-breach-oauth-supply-chain.html
[4] https://vercel.com/kb/bulletin/vercel-april-2026-security-incident
X Posts
[5] Through a series of maneuvers that escalated from our colleague's compromised Vercel Google Workspace account, the attacker got further access. https://x.com/vercel/status/2045938260124266947
