
Everyone in the industry is talking about agentic AI security, but it's the simple day-to-day connections within the SaaS ecosystem itself that pose the biggest threats. Organizations are racing to embed agentic AI security into their security strategy, but they're still missing the fundamental basics that put their sensitive company data at risk in the simplest of ways.
Vercel has confirmed that it has been affected by a security incident: a compromised third-party AI app with over-permissive OAuth access in Google Workspace.
The breach highlights a rapidly growing risk across modern organizations: every connected SaaS and AI tool is a potential entry point into your business.
Who is Vercel?
Vercel is a leading cloud platform for developers, best known for building Next.js and powering modern web application deployment through serverless infrastructure, edge computing, and CI/CD workflows.
Its platform sits at the center of development pipelines - making access to its systems particularly valuable to attackers.
What Happened?
Vercel disclosed that attackers gained unauthorized access to internal systems via a third-party app that was connected to Google Workspace through OAuth.
While the full scope is still under investigation, the company confirmed that:
- Internal systems were accessed
- A small portion of customer data may have been exposed
- Incident response teams and law enforcement are involved
But the most important detail is not what was accessed - it’s how attackers got in.
Already Trusted Apps Are Your Biggest Risk
Every SaaS or AI tool connected to:
- Google Workspace
- Slack
- CRM systems
- Internal platforms
...represents a potential backdoor into the organization.
And unlike traditional malware or exploits:
- These tools are legitimate
- They are connected to a user's credentials
- They often have persistent OAuth permissions
- The security team usually doesn't know they're connected
The most concerning part is how little it took.
One employee using a small third-party tool → tool gets connected via OAuth → tool gets compromised → attackers get access to the employee’s Google Workspace…
and from there, the rest was history.
Additional details shared by Vercel’s bulletin and Vercel CEO Guillermo Rauch via X confirm that the initial point of compromise was tied to a Vercel employee’s Google Workspace account - accessed following a breach involving the third-party AI platform Context.ai.
From there, the attacker leveraged the compromised account to move laterally into Vercel’s internal environments. Once inside, they were able to access certain environment variables that had been designated as “non-sensitive” and were therefore not encrypted at rest.
While these variables were not intended to store sensitive data, the attacker was able to enumerate them and use that information to further escalate access within the environment.
Rauch emphasized that Vercel encrypts all customer-designated sensitive environment variables and maintains multiple layers of defense to protect core systems and user data. However, he acknowledged that the ability to classify variables as non-sensitive created an opportunity for the attacker to expand their access through enumeration.
Vercel has since confirmed that its ongoing open-source projects, including Next.js and Turbopack, were not impacted.
In response to the incident, the company has introduced updates to its platform, including improved visibility and management controls for environment variables, and is urging customers to review their configurations and ensure sensitive data is properly encrypted.
The disclosure follows claims from a threat actor who is reportedly attempting to sell access to stolen Vercel data on underground forums.
According to publicly shared information via LinkedIn, the listing allegedly includes source code, database access, and GitHub tokens, with an asking price of approximately $2 million in Bitcoin. However, these claims have not been independently verified.
Vercel assesses the attacker as highly sophisticated based on their “operational velocity” and “detailed understanding” of Vercel's systems. Vercel is currently working with Mandiant, other cybersecurity firms, industry peers, and law enforcement.
How DoControl Prevents This Exact Scenario
Incidents like the one at Vercel are not new, and they’re not rare.
Many security vendors claim to protect against third-party SaaS and Google Workspace-based attacks. Yet breaches involving compromised OAuth applications, connected tools, and identity takeover continue to happen.
Why? Because most solutions focus on simply blocking unknown applications or trying to manage shadow IT. But they fail to address the real problem: legitimate apps connected via OAuth, and the dynamic, context-driven decisions required to secure them without disrupting business operations.
DoControl is purpose-built for protecting sensitive SaaS data in Google Workspace, and to prevent incidents exactly like this one.
Complete Visibility into Every Connected Application
DoControl gives security teams a full inventory of every application connected to Google Workspace, including:
- All OAuth applications across the organization
- The exact permissions and scopes each app has been granted
- Which users are connected to each application
- What data those applications can access
This eliminates one of the biggest gaps exposed in the Vercel incident: not knowing which applications have access, and how much access they actually have.
DoControl also auto-detects risky OAuth access by continuously monitoring API calls and identifying variations in behavior - closing a second gap exposed in the Vercel incident: the inability to detect when a trusted application begins acting outside of its expected scope.
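As an added example (not DoControl's or Vercel's code), the inventory-and-scope check described above can be scripted against the Google Admin SDK: the block below scores OAuth grants in the record shape returned by the Directory API tokens.list call and flags apps whose granted scopes would give a compromised app broad reach into a user's mail and files. The scope weights, the threshold and the sample grants are this example's own assumptions.

```python
# Audit third-party OAuth grants in Google Workspace and flag over-permissive apps.
# Records use the shape of Admin SDK Directory API tokens.list items (fetched per user
# via service.tokens().list(userKey=...).execute(), revoked via tokens.delete()).

# Scope weights are this example's assumption, not a Google or vendor standard.
HIGH_RISK_SCOPES = {
    "https://mail.google.com/": 5,                        # full Gmail access
    "https://www.googleapis.com/auth/drive": 5,           # every Drive file
    "https://www.googleapis.com/auth/gmail.readonly": 4,  # read all mail
}
LOW_RISK_SCOPES = {"openid", "email", "profile"}         # identity only

# Constructed sample records (not real grants) in tokens.list "items" shape.
SAMPLE_TOKENS = [
    {"userKey": "alice@example.com", "clientId": "111.apps.googleusercontent.com",
     "displayText": "Meeting Notes AI", "scopes": ["openid", "email", "https://mail.google.com/",
                                                   "https://www.googleapis.com/auth/drive"]},
    {"userKey": "bob@example.com", "clientId": "222.apps.googleusercontent.com",
     "displayText": "Calendar Sync", "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]},
    {"userKey": "carol@example.com", "clientId": "333.apps.googleusercontent.com",
     "displayText": "", "anonymous": True,
     "scopes": ["profile", "https://www.googleapis.com/auth/gmail.readonly"]},
]

def score_token(token):
    """Score one grant: how much reach an attacker gets if this app is compromised."""
    score, reasons = 0, []
    for scope in token.get("scopes", []):
        if scope in HIGH_RISK_SCOPES:
            score += HIGH_RISK_SCOPES[scope]
            reasons.append(f"broad scope {scope}")
        elif scope not in LOW_RISK_SCOPES:
            score += 1                      # narrower data scope still counts
    if token.get("anonymous"):              # client with no verified identity
        score += 2
        reasons.append("anonymous client")
    return score, reasons

def audit(tokens, threshold=4):
    """Group grants by app; return apps at or above threshold with the users exposed."""
    apps = {}
    for t in tokens:
        app = apps.setdefault(t["clientId"], {"name": t.get("displayText") or "(unnamed)",
                                              "users": [], "score": 0, "reasons": set()})
        s, r = score_token(t)
        app["users"].append(t["userKey"])
        app["score"] = max(app["score"], s)
        app["reasons"].update(r)
    return {cid: a for cid, a in apps.items() if a["score"] >= threshold}
```

The returned dictionary is the review queue: each flagged clientId lists which users granted it and why it scored high, which is the input a security team needs before revoking the grant with tokens.delete for those users.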
Context and Risk Scoring for Every App
Seeing which apps are connected isn’t enough. Security teams need to understand which apps are actually risky.
DoControl enriches every connected application with:
- A risk score based on permissions, behavior, and access patterns
- Indicators of excessive or unnecessary access
- Signals of anomalous or suspicious activity
It also provides clear guidance on:
- What to look out for
- Which applications require immediate attention
- Where risk is actively increasing
So teams aren’t just seeing apps - they’re understanding which ones could become the next entry point.
Real-Time Monitoring of OAuth Behavior
The Vercel breach wasn’t caused by a new app; it was caused by a trusted app behaving in a compromised way.
DoControl continuously monitors:
- How applications interact with Google Workspace data
- Changes in usage patterns over time
- Excessive or unusual data access tied to OAuth tokens
This allows teams to detect when a legitimate application starts acting like a threat.
Immediate Remediation, In Seconds, Not Hours
When risky behavior is detected, speed is everything.
Within the DoControl platform, security teams can actually:
- Instantly revoke OAuth permissions
- Remove or disable risky applications
- Cut off access to sensitive data
All with a single click.
Or, teams can run these sorts of remediations, controls, and checks automatically, through policy-driven workflows running in the background 24/7.
These workflows continuously:
- Monitor behavior
- Detect anomalies
- Trigger remediation actions in real time
So even if no one is actively watching, exposure is identified and contained immediately.
Protecting Against the Inevitable
The reality is:
Your employees WILL continue to adopt new tools.
They WILL connect AI applications.
They WILL grant OAuth access.
The question is not whether this will happen - it’s: will you have visibility and control when something goes wrong?
DoControl ensures that when a trusted application becomes compromised:
- You see it immediately
- You understand the risk instantly
- You can shut it down before it spreads
The Vercel incident started with:
- One employee
- One OAuth connection
- One trusted application
And that was enough to change the course of their company forever.
DoControl is built to make sure that a single connection doesn’t become a full-scale breach.
Sources:
https://vercel.com/kb/bulletin/vercel-april-2026-security-incident
https://x.com/rauchg/status/2045995362499076169
https://www.linkedin.com/feed/update/urn:li:activity:7451856032148008960/