
Vercel data breach exposes SA developer community

By Admire Moyo, ITWeb news editor
Johannesburg, 21 Apr 2026
Vercel is used in SA and operates a data centre in Cape Town, as part of its Edge Network. (Image source: 123RF)

Vercel – the US-based company behind Next.js, one of the most widely used web frameworks – has disclosed an incident in which attackers gained access to internal systems via a compromised third-party AI tool.

The cloud-based platform automates deployment from code repositories, delivers sites via a global edge network for speed, and provides tools like serverless functions and preview environments, making it a popular choice for developers using React and similar technologies.

According to Google, Vercel is used in South Africa and operates a data centre in Cape Town, as part of its Edge Network, ensuring low-latency hosting for local users.


“We’ve identified a security incident that involved unauthorised access to certain internal Vercel systems,” says the company in a statement.

“We are actively investigating, and we have engaged incident response experts to help investigate and remediate. We have notified law enforcement and will update this page as the investigation progresses.”

The company says it initially identified a limited subset of customers whose non-sensitive environment variables stored on Vercel (those that decrypt to plaintext) were compromised.

“We reached out to that subset and recommended an immediate rotation of credentials. We continue to investigate whether and what data was exfiltrated and we will contact customers if we discover further evidence of compromise. We’ve deployed extensive protection measures and monitoring. Our services remain operational.”

According to the company, the incident originated with a compromise of Context.ai, a third-party AI tool used by a Vercel employee.

It explains that the attacker used that access to take over the employee's Vercel Google Workspace account, which enabled them to gain access to some Vercel environments and environment variables that were not marked as “sensitive”.

Environment variables marked as “sensitive” in Vercel are stored in a manner that prevents them from being read, and “we currently do not have evidence that those values were accessed,” says the company.

“We assess the attacker as highly-sophisticated based on their operational velocity and detailed understanding of Vercel’s systems. We are working with Mandiant, additional cyber security firms, industry peers and law enforcement. We have also engaged Context.ai directly to understand the full scope of the underlying compromise.

“In collaboration with GitHub, Microsoft, npm and Socket, our security team has confirmed that no npm packages published by Vercel have been compromised. There is no evidence of tampering, and we believe the supply chain remains safe.”

Lotem Finkelstein, research VP at Check Point Software Technologies, says while Vercel has stated that a limited number of customers were directly affected, the broader implications for organisations relying on Next.js are significant and still developing.

He notes that given Next.js sees approximately six million weekly downloads, the potential blast radius for organisations is significant, and the story is still actively developing.

“This is not a theoretical risk but an active security incident involving a widely used library, which significantly increases the potential impact,” Finkelstein says.

“Given its broad adoption, even a single compromise can quickly translate into large-scale exposure across organisations, so organisations need to make sure the right security measures are in place to prevent any exposure related to this library.

“What makes incidents like this particularly challenging is the lack of immediate visibility − many organisations are not fully aware of where and how such dependencies are embedded across their environments, which can delay detection and response at scale.”
