App hosting giant Vercel disclosed Thursday that hackers stole customer data from some accounts weeks or months before the company detected its widely reported April breach—a revelation that suggests the incident’s scope may extend far beyond what executives first acknowledged.

The San Francisco-based company said in an updated incident report that expanded forensic analysis uncovered evidence of malicious activity that “predates this incident, potentially as a result of social engineering, malware, or other methods.” The update did not specify how many customers were affected or how long the earlier compromise lasted—details Vercel declined to provide when asked.

Vercel first disclosed on April 20 that hackers had breached internal systems after an employee downloaded software from Context AI, a startup that sits at the intersection of AI infrastructure and developer tooling. Attackers exploited that download to access the employee’s work account, then pivoted into Vercel’s systems where they accessed customer credentials that, notably, were not encrypted.

The new findings suggest a more complex attack pattern. In a post on X, Vercel CEO Guillermo Rauch said the hackers had been active “beyond that startup’s compromise,” referring to Context AI. Rauch pointed to information-stealing malware—commonly distributed disguised as legitimate software—that hunts computers for API keys and tokens. Once obtained, the attackers exhibited a “repeated pattern: rapid and comprehensive API usage, with a focus on enumeration of non-sensitive environment variables.”

The timing is particularly awkward for Context AI. The startup confirmed to TechCrunch that Delve, a compliance startup recently accused of faking customer data and rubber-stamping audits, had performed its security certifications. Context AI said it has since ditched Delve and is moving to Vanta and Insight Assurance for re-certification.

Security researchers had previously reported that a Context AI employee’s computer was infected with infostealer malware after allegedly searching for Roblox game cheats—a detail Rauch’s comments appear to corroborate.

For Vercel’s customers, the dual disclosures raise uncomfortable questions about how long sensitive data sat exposed and why internal credential storage lacked basic encryption. The company said it has notified affected customers, but without specifics on scope or timeline, developers hosting production applications on Vercel’s platform are left to guess whether they were among the compromised accounts.
