In early 2026, a security breach at Vercel was triggered by an employee at Context.ai downloading a Roblox cheat bundled with Lumma Stealer malware, which compromised internal systems and enabled attackers to access non-sensitive environment variables stored by Vercel. This incident exposed the risks posed by broad OAuth permissions granted to third-party AI tools and highlighted how non-sensitive environment variables were less protected, prompting Vercel to change its default encryption settings; the breach has led to widespread credential rotations and raised concerns over the security trade-offs in AI tooling and developer convenience.
