Futures
Access hundreds of perpetual contracts
TradFi
Gold
One platform for global traditional assets
Options
Hot
Trade European-style vanilla options
Unified Account
Maximize your capital efficiency
Demo Trading
Introduction to Futures Trading
Learn the basics of futures trading
Futures Events
Join events to earn rewards
Demo Trading
Use virtual funds to practice risk-free trading
Launch
CandyDrop
Collect candies to earn airdrops
Launchpool
Quick staking, earn potential new tokens
HODLer Airdrop
Hold GT and get massive airdrops for free
Pre-IPOs
Unlock full access to global stock IPOs
Alpha Points
Trade on-chain assets and earn airdrops
Futures Points
Earn futures points and claim airdrop rewards
Promotions
AI
Gate AI
Your all-in-one conversational AI partner
Gate AI Bot
Use Gate AI directly in your social App
GateClaw
Gate Blue Lobster, ready to go
Gate for AI Agent
AI infrastructure, Gate MCP, Skills, and CLI
Gate Skills Hub
10K+ Skills
From office tasks to trading, the all-in-one skill hub makes AI even more useful.
GateRouter
Smartly choose from 40+ AI models, with 0% extra fees
Context.ai hacked triggers a Vercel security crisis; the CEO publicly shares the full investigation progress
Vercel CEO Guillermo Rauch publicly disclosed investigation progress on the X platform, confirming that the third-party AI platform Context.ai used by Vercel employees was compromised. The attacker obtained employees’ account credentials through the platform’s Google Workspace OAuth integration, and then gained further access to part of Vercel’s internal environment and environment variables that were not labeled as “sensitive.”
Attack chain: from OAuth intrusion of an AI tool to step-by-step infiltration of the Vercel environment
According to Vercel’s investigation, the attack path consists of three gradually escalating stages. First, Context.ai’s Google Workspace OAuth application was compromised in a prior, larger-scale supply chain attack, which may have affected hundreds of users across multiple organizations. Second, after compromising Context.ai, the attacker took control of Vercel employees’ Google Workspace accounts and used their credentials to access Vercel’s internal systems. Third, through enumeration, the attacker used environment variables that were not labeled as “sensitive” to obtain additional access privileges.
In the announcement, Rauch said the attacker’s actions were “astonishingly fast,” their understanding of Vercel systems was “very thorough,” and that it was highly likely they significantly improved attack efficiency with the help of AI tools.
The security boundary between “sensitive” and “non-sensitive” environment variables
This incident reveals key details of Vercel environment variable security mechanisms: environment variables labeled as “sensitive” are stored in a way that prevents reading, and the investigation has not found evidence that these values were accessed. What the attacker leveraged were environment variables not labeled as “sensitive.” Through enumeration, the attacker successfully obtained additional access privileges from them.
Vercel has added an environment variable overview page and improved the management interface for sensitive environment variables to help customers more clearly identify and protect high-risk configuration values.
Vercel’s emergency response and the official recommended action checklist
Vercel has hired Google Mandiant, other cybersecurity companies, and notified law enforcement agencies to get involved. Next.js, Turbopack, and Vercel’s open-source projects have all been confirmed as secure through supply-chain analysis, and the platform services are currently operating normally.
Official recommended customer security actions
Review activity logs: Review the activity logs for accounts and environments to identify suspicious activity
Rotate environment variables: Any environment variables that contain confidential information (API keys, tokens, database credentials, signing keys) but are not labeled as sensitive should be treated as potentially leaked and rotated first
Enable sensitive environment variable functionality: Ensure that all confidential configuration values are correctly labeled as “sensitive”
Review recent deployments: Investigate abnormal deployments and delete suspicious versions
Set deployment protection: Ensure it is set to at least the “standard” level, and rotate the deployment protection token
Frequently asked questions
What is Context.ai, and how did it become the entry point for this attack?
Context.ai is a small third-party AI tool that uses a Google Workspace OAuth integration and is used by Vercel employees for day-to-day work. The investigation shows that the OAuth application for this tool was compromised in a more widely scoped supply chain attack, which may have affected hundreds of users across multiple organizations, and that Vercel employees’ account credentials were obtained by the attacker during this process.
Are environment variables labeled as “sensitive” affected?
At this time, the investigation has found no evidence that environment variables labeled as “sensitive” were accessed. These variables are stored in a special manner to prevent reading. The attacker used environment variables that were not labeled as “sensitive,” and through enumeration, the attacker successfully obtained additional access privileges from them.
How can Vercel customers confirm whether they are affected?
If you have not received direct contact from Vercel, Vercel says there is currently no reason to believe that the credentials or personal data of affected customers have been exposed. Vercel recommends that all customers proactively review activity logs, rotate environment variables that are not labeled as sensitive, and properly enable the sensitive environment variable feature. If you need technical support, contact Vercel via vercel.com/help.