Vercel Employee AI Tool Access Triggered Data Breach via OAuth Tokens
On March 5, 2026, Vercel's security operations center (SOC) detected anomalous activity stemming from an OAuth token tied to a senior developer's account. The token, scoped to the company's internal AI‑powered code generation platform, had been harvested via a targeted spear‑phishing email that compromised credentials to Vercel's Google Workspace single‑sign‑on. Attackers used the token to authenticate to the AI tool, gaining elevated API privileges.
With the compromised token, the adversary performed a series of API calls that allowed them to enumerate and clone repositories containing proprietary AI models and customer source code. The breach exposed data from 210 enterprise customers, including critical environment variables, API keys for Vercel's edge functions, and internal training datasets for the AI model. Forensic analysis traced the exfiltration to an external IP linked to the APT group known as "ShadowGrid". The stolen OAuth token functioned as a new lateral‑movement vector, enabling the attacker to pivot across multiple internal services without triggering traditional credential‑based alerts.
Vercel responded by immediately revoking the compromised OAuth token, disabling the AI code assistant for 48 hours, and rotating all service‑account credentials across its infrastructure. The company also implemented hardware‑backed token validation using FIDO2/WebAuthn for AI tool access and reduced token scopes to read‑only where possible. In an incident report published on March 10, Vercel said it had notified affected customers, offered remediation guidance, and introduced a new "OAuth Least‑Privilege" policy for all internal AI services.
Alex Turner, senior threat‑intel researcher at CyberDefense Labs, noted that the case underscores a broader shift: "Stolen OAuth tokens are the new attack surface, the new lateral movement." He advised organizations to adopt continuous token monitoring, enforce token binding to device posture, and audit third‑party OAuth integrations regularly. As AI‑assisted development tools become ubiquitous, security teams must treat OAuth tokens as critical assets and embed them in zero‑trust architectures.
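The continuous token monitoring and device binding recommended above can be sketched as a check over API audit events. This is an added example, not code from Vercel or its incident report; the event fields, token and device ids, scope names and thresholds are assumptions, and the log events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical baseline per token: the device it is bound to and the scopes it needs.
BASELINE = {
    "tok-dev-01": {"devices": {"laptop-7f3a"}, "scopes": {"ai.generate", "repo.read"}},
}
CLONE_LIMIT = 3                 # assumed threshold: distinct repos cloned per window
WINDOW = timedelta(minutes=10)  # assumed sliding window

# Constructed audit events: (timestamp, token, device, source IP, action, resource)
EVENTS = [
    ("2026-01-01T09:00:00", "tok-dev-01", "laptop-7f3a", "10.0.4.12", "ai.generate", "prompt"),
    ("2026-01-01T09:05:00", "tok-dev-01", "laptop-7f3a", "10.0.4.12", "repo.read", "repo-a"),
    ("2026-01-01T23:40:00", "tok-dev-01", "unknown", "203.0.113.50", "repo.list", "*"),
    ("2026-01-01T23:41:00", "tok-dev-01", "unknown", "203.0.113.50", "repo.clone", "repo-a"),
    ("2026-01-01T23:42:00", "tok-dev-01", "unknown", "203.0.113.50", "repo.clone", "repo-b"),
    ("2026-01-01T23:43:00", "tok-dev-01", "unknown", "203.0.113.50", "repo.clone", "repo-c"),
]

def detect(events, baseline=BASELINE):
    """Return (timestamp, token, reason) alerts for token use that breaks the baseline."""
    alerts = []
    clones = defaultdict(list)  # token -> [(time, repo)] still inside the window
    for ts, token, device, ip, action, resource in events:
        when = datetime.fromisoformat(ts)
        profile = baseline.get(token)
        if profile is None:
            alerts.append((ts, token, "unknown-token"))
            continue
        if device not in profile["devices"]:      # token replayed off its bound device
            alerts.append((ts, token, "unbound-device"))
        if action not in profile["scopes"]:       # least-privilege violation
            alerts.append((ts, token, "out-of-scope:" + action))
        if action == "repo.clone":                # enumeration-then-clone burst
            recent = [(t, r) for t, r in clones[token] if when - t <= WINDOW]
            recent.append((when, resource))
            clones[token] = recent
            if len({r for _, r in recent}) == CLONE_LIMIT:
                alerts.append((ts, token, "bulk-clone"))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

Because the checks key on the token rather than on a login event, they still fire when the token is replayed without any new credential prompt.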