🍭 Hacked Through An AI Tool 🔓

The Hack That Started With “Allow”


Good morning. One guy clicked “Authorize,” and now the entire internet is doing incident response cosplay.

Let’s dive in 👇

🍭 What’s Cookin’:

  • Vercel gets breached via AI tool OAuth

  • Amazon doubles down on Anthropic with $25B

  • OpenAI adds memory that watches your screen

Cyber Security
☠️ Vercel Got Hacked Through an AI Tool

The Bite:

Vercel confirmed over the weekend that hackers breached its internal systems and accessed customer data.

The attack originated from Context AI, a third-party tool that one Vercel employee had connected to their corporate Google account via OAuth.

That single token gave the attackers access to Vercel's internal systems, including unencrypted credentials.

A threat actor is now selling customer API keys, source code, and database data on a cybercriminal forum.

Vercel says the breach may affect hundreds of users across many organizations.

Snacks:

  • The breach entered through Context AI's consumer "Office Suite" app, not Vercel's own infrastructure.

  • Context AI discovered its own breach in March, but only notified one customer at the time.

  • The seller claimed ShinyHunters affiliation; ShinyHunters denied involvement.

  • Vercel CEO Guillermo Rauch told customers to rotate all keys marked "non-sensitive."

  • Next.js and Turbopack were not affected.

  • Context AI says compromised OAuth tokens may extend beyond Vercel to other users.

Why it Bites:

This is the new shape of supply chain attacks.

The hacker didn't find a zero-day in Vercel's stack or brute-force a password.
They walked in through an OAuth token from a third-party AI tool that one employee connected to a corporate account.

That's it.
One install, one permission grant, full access to unencrypted credentials.

If you host on Vercel, go rotate your keys right now.
Even the ones they're calling "non-sensitive."

But the bigger problem isn't Vercel-specific.

Every dev tool with OAuth access to your Google, GitHub, or Slack workspace is a potential entry point.

Context AI sat on their breach for a month and told exactly one customer.

The downstream blast radius is still expanding, and Vercel itself warned this could ripple across the industry.

The attack surface isn't your code.

It's every app your team clicked "Authorize" on and forgot about.
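One way to take stock of those forgotten grants, as an added example (not code from Vercel, Context AI, or this newsletter): a triage pass over third-party OAuth grants on a Google Workspace domain. It assumes the grants were exported as records carrying the `userKey`, `clientId`, `displayText` and `scopes` fields of the Admin SDK Directory API token listing; the sample records, app names, allowlist and the `triage_grants` helper are all constructed for illustration.

```python
# Added example: triage third-party OAuth grants by scope breadth.
# Scopes that expose mail, files, or directory data to the authorized app.
HIGH_RISK_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/drive",
    "https://www.googleapis.com/auth/drive.readonly",
    "https://www.googleapis.com/auth/admin.directory.user",
}

# Hypothetical allowlist: client IDs the security team has already reviewed.
APPROVED_CLIENT_IDS = {"111111.apps.googleusercontent.com"}

# Constructed sample records (not real apps or users).
SAMPLE_GRANTS = [
    {"userKey": "user-001", "clientId": "111111.apps.googleusercontent.com",
     "displayText": "Approved Backup Tool",
     "scopes": ["https://www.googleapis.com/auth/drive"]},
    {"userKey": "user-002", "clientId": "222222.apps.googleusercontent.com",
     "displayText": "Example AI Notes",
     "scopes": ["openid", "https://mail.google.com/",
                "https://www.googleapis.com/auth/drive"]},
    {"userKey": "user-003", "clientId": "222222.apps.googleusercontent.com",
     "displayText": "Example AI Notes",
     "scopes": ["https://www.googleapis.com/auth/drive"]},
    {"userKey": "user-004", "clientId": "333333.apps.googleusercontent.com",
     "displayText": "Example Calendar Widget", "scopes": ["openid", "email"]},
]


def triage_grants(grants, approved=APPROVED_CLIENT_IDS):
    """Group unapproved grants per app; 'high' if any broad scope was granted."""
    apps = {}
    for grant in grants:
        client_id = grant["clientId"]
        if client_id in approved:
            continue
        entry = apps.setdefault(client_id, {
            "client_id": client_id, "app": grant.get("displayText", "?"),
            "users": set(), "scopes": set()})
        entry["users"].add(grant["userKey"])
        entry["scopes"].update(set(grant.get("scopes", [])) & HIGH_RISK_SCOPES)
    findings = [{**e, "users": sorted(e["users"]), "scopes": sorted(e["scopes"]),
                 "severity": "high" if e["scopes"] else "review"}
                for e in apps.values()]
    # Broad-scope apps first, then by how many employees authorized them.
    return sorted(findings, key=lambda f: (f["severity"] != "high", -len(f["users"])))


if __name__ == "__main__":
    for f in triage_grants(SAMPLE_GRANTS):
        print(f["severity"], f["app"], f["users"], f["scopes"])
```

Apps in the "high" bucket are the ones whose tokens expose mail or files if the vendor is compromised; "review" apps are unvetted but hold only sign-in scopes.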


Steal This Prompt
🧸 Turn Anything Into a Plush Toy

Turn literally anything — your logo, product, mom — into a soft, huggable plushie.

Use it to:

  • Turn your logo into merch people actually want

  • Make adorable product visuals for launches or ads

  • Convert cursed memes into soft, marketable chaos

Workflow:

  1. Click this link (Prompt)

  2. Paste into your AI model

  3. Replace the #s with your object or idea

  4. Watch it turn into a plushie you’d irrationally trust with your secrets

ToolBox™
🧰 5 BRAND NEW AI LAUNCHES

🗂️ ChatFolders
Organize your AI chaos into clean folders across ChatGPT, Claude, Gemini & Grok, because “final_final_v3” isn’t a system.

🤖 ml-intern
Let an AI agent handle post-training busywork so your models actually ship instead of sitting in Jupyter purgatory.

🧠 FusedFrames
Turn your team’s know-how into structured data that AI agents can actually use (aka no more “tribal knowledge” bottlenecks).

⚙️ Story copilot
Build and run complex workflows just by chatting, like Zapier, but it speaks fluent operator.

🌿 Nomie v2
Replace doomscrolling with a gamified self-care world that tracks moods, builds habits, and calms your nervous system fast.

Everything Else
🧠 You Need to Know

🔍 OpenAI Ships Chronicle, A Screen-Watching Memory For Codex
→ Chronicle captures Mac screenshots, processes them via OpenAI servers, and stores summaries locally for Pro users outside EU/UK/Switzerland.

💸 Amazon Pours Up To $25B More Into Anthropic In Expanded AWS Deal
→ Anthropic will spend $100B+ on AWS for compute, while Amazon commits up to $25B tied to usage milestones.

🧠 Google Forms Strike Team To Catch Claude In AI Coding
→ DeepMind is assembling a team after internal review found Anthropic’s Claude ahead of Gemini in coding performance.

🤖 Meta Building A Photorealistic AI Clone Of Zuckerberg
→ Meta is training an AI version of Zuckerberg to give guidance and feedback to employees when he is unavailable.

🚨 Vercel Breached After Employee Grants AI Tool Full Access
→ Attackers exploited OAuth tokens to access a Vercel employee account and steal customer data now listed for sale.

— Eder | Founder

— Doka | Editor

Snack Prompt & The Daily Bite