Vercel's April 2026 security breach originated from a compromised Context.ai Google Workspace OAuth app, which allowed an attacker to access a Vercel employee's account and read environment variables not marked as 'sensitive.' Vercel is urging customers to rotate any non-sensitive environment variables that may contain secrets. The recommended response involves pulling environment variables locally using the Vercel CLI and scanning them with GitGuardian's ggshield tool to identify which contain real secrets and prioritize rotation. Additional hardening steps include reviewing activity logs, enabling the sensitive environment variables feature, auditing recent deployments, and rotating deployment protection tokens.
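The pull-then-scan triage described above, as an added shell example that is not part of the article: `vercel env pull` and `ggshield secret scan path` are wrapped in functions (assumed installed and authenticated; the file name, environment and `--json` flag are assumptions), and a small heuristic pre-filter lists the variable names an operator should queue for rotation first, so no secret value is ever printed.

```bash
#!/usr/bin/env bash
# Added example, not the article's own code. Triage non-"sensitive" Vercel
# environment variables: pull them locally, let ggshield identify real
# secrets, and build a rotation list by variable NAME only (values are
# never echoed, so the report can be pasted into a ticket).
set -euo pipefail

ENV_FILE="${ENV_FILE:-.env.vercel-production}"   # assumed file name

# Step 1: pull one environment's variables into a local dotenv file.
pull_env() {
  vercel env pull "$ENV_FILE" --environment=production
}

# Step 2: ggshield decides which values are actual credentials.
scan_env() {
  ggshield secret scan path "$ENV_FILE" --json > ggshield-report.json
}

# Step 3 (heuristic pre-filter, an assumption of this example): print the
# names of variables whose value looks credential-like, skipping
# NEXT_PUBLIC_* (bundled into the browser, not secret by design).
rotation_candidates() {
  local file="$1"
  awk -F= '
    /^[ \t]*#/ || !/=/ { next }
    {
      key = $1; sub(/^[ \t]+/, "", key)
      if (key !~ /^[A-Za-z_][A-Za-z0-9_]*$/) next
      if (key ~ /^NEXT_PUBLIC_/) next
      val = substr($0, index($0, "=") + 1)
      gsub(/^"|"$/, "", val)
      # URL with embedded user:password (database/broker DSNs)
      if (val ~ /:\/\/[^\/@]+:[^\/@]+@/) { print key; next }
      # long opaque token: 20+ chars of token alphabet with a digit
      if (length(val) >= 20 && val ~ /^[A-Za-z0-9_=+\/.-]+$/ && val ~ /[0-9]/)
        print key
    }' "$file"
}

# Usage: pull_env; scan_env; rotation_candidates "$ENV_FILE"
# Then rotate each listed key at its provider and re-add it with
# `vercel env add` marked as sensitive.
```

Cross-check the heuristic list against ggshield's findings: anything ggshield flags that the pre-filter missed still gets rotated.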

From securityboulevard.com (3 min read)

Table of contents:
Investigate, Then Rotate
Scan Your Environment Variables
Harden Controls for the Next Incident
