The cloud development company Vercel disclosed a security breach in April 2026 that originated in a third-party artificial intelligence tool, illustrating how AI services woven into corporate software stacks can become a path for attackers.
According to incident reporting, the breach traced back to Context.ai, an AI tool Vercel used. A Context.ai employee was infected with malware in February 2026, which led to compromised OAuth tokens. Those tokens, used to authorize access between connected services, allowed intruders to reach Vercel's internal systems. The chain shows how a compromise at one vendor can cascade into the environments of its customers.
The Vercel disclosure was one of several AI linked supply chain incidents during the period. In late March 2026, attackers compromised LiteLLM, an open source tool estimated to be present in a large share of cloud environments, inserting malicious code to harvest credentials across many organizations. Mercor, a data contracting firm that works with major AI labs, was among those affected, with the breach reported to expose data tied to tens of thousands of contractors.
Security researchers point to a common thread in these cases: AI tools are being adopted quickly and connected deeply to core systems, often without the access controls and monitoring applied to more established software. Companies disclosing the incidents have described steps to revoke compromised credentials, audit connected applications, and tighten oversight of third-party AI integrations. The episodes underline how the expanding use of AI services enlarges the attack surface that defenders must secure.
Source: Blue Radius - https://blueradius.io/ai-cybersecurity-incident-report-2026