A security breach at Vercel was triggered by the compromise of a third-party AI tool, Context.ai, which exposed an employee's account and allowed attackers to access internal systems and non-sensitive data. The attackers took control of the employee's Google Workspace account, using it to gain access to limited parts of Vercel's internal environments and variables. Although the breach was contained, it highlights the risks associated with relying on third-party tools and services. The incident is significant because it demonstrates the evolving nature of cyber attacks, which are increasingly targeting vulnerabilities in third-party vendors and services1. This breach may have regulatory and supply-chain implications, particularly given the involvement of Google Workspace. As a result, practitioners should be vigilant about the security of their own third-party dependencies to prevent similar breaches, and be prepared for potential downstream effects on their own organizations.