Vercel disclosed a security incident on April 19 in which attackers gained unauthorized access to internal systems by exploiting a compromised Google Workspace OAuth application belonging to an unnamed third-party AI tool, potentially affecting that tool's hundreds of users across many organizations. The platform itself remained operational, though a limited subset of customers was impacted; Vercel recommends rotating environment variables, particularly any not marked "sensitive." A threat actor claiming affiliation with ShinyHunters posted on hacking forums offering to sell access credentials, source code, and 580 employee records for $2 million, though actual ShinyHunters members publicly denied involvement.