In April 2026, threat actors compromised Context AI (context.ai), a third-party AI tool with an active OAuth integration to Vercel, and leveraged that trusted OAuth relationship to access Vercel internal systems and limited customer data without directly attacking Vercel’s own authentication layer. Affected customers, disproportionately crypto and Web3 developers, face risks of credential theft, API key exposure, environment variable exfiltration, and potential on-chain financial loss. The threat actor(s) subsequently demanded $2 million in ransom and claimed to be selling exfiltrated data, elevating urgency for exposed organizations. Immediate actions required: revoke all Context AI OAuth tokens, rotate all Vercel API keys and environment variable secrets, audit Vercel audit logs for anomalous OAuth token activity during April 2026, and initiate a full third-party OAuth integration inventory across your organization.