Source: HN (Hacker News), 4h ago. Category: Security incident.
Vercel Breach Tied to Context.ai, Roblox Cheat
Vercel says attackers used a compromised Context.ai OAuth app, granted from an employee's Google Workspace account, to reach internal systems and a limited subset of non-sensitive environment variables. The company says there is no evidence that sensitive variables were accessed, but it still told affected customers to rotate credentials.
// ANALYSIS
This looks less like a classic platform exploit and more like a permissioning failure chained to shadow AI and an infostealer infection. The Roblox-cheat angle is sensational, but the real lesson is that one overbroad OAuth grant can turn a third-party AI tool into an enterprise breach path.
- Vercel's own bulletin says the incident originated in Context.ai, not in a Vercel code or infrastructure bug, which makes this a supply-chain and identity compromise story
- The blast radius matters: even "non-sensitive" env vars can still contain API keys, database credentials, and signing material that should be treated as live secrets
- This is a warning for teams adopting AI office/agent tools with broad workspace permissions, especially when admin-managed consent is missing
- The incident reinforces basic hygiene that too many orgs still skip: MFA, least privilege, secret rotation, and periodic review of connected OAuth apps
// TAGS
vercel, context-ai, cloud, automation, safety
DISCOVERED: 4h ago (2026-04-21)
PUBLISHED: 8h ago (2026-04-21)
RELEVANCE: 8/10
AUTHOR: bishwasbh