
Context.ai Security Breach Compromises Vercel OAuth Tokens and Exposes Broader Cybersecurity Challenges
In March 2026, Context.ai experienced a security breach leading to unauthorized AWS access, which subsequently compromised OAuth tokens for some users, including Vercel. Attackers exploited a compromised OAuth token from Context.ai to access Vercel's Google Workspace, exposing environment variables—though Vercel stated only non-sensitive variables were affected and encryption at rest remained intact. The incident highlighted issues with OAuth management, shadow IT, and third-party token sprawl, with Vercel's CEO attributing the attack's acceleration to AI, though critics argued it stemmed from poor security practices.

Separately, the UK's AI Security Institute tested Claude Mythos, finding it completed 73% of expert-level CTF challenges and averaged 22 out of 32 steps in a corporate network attack simulation, outperforming prior models. NIST announced changes to the NVD program, deprioritizing CVE enrichment due to a 263% surge in submissions since 2020, now focusing only on critical vulnerabilities, federal software, or those in CISA's exploited catalog.

OpenAI released a cybersecurity-focused model on April 14, 2026, while companies like Cal.com cited AI security concerns as a reason to transition from open to closed source. Additional updates included Google removing 602 million scam ads using Gemini AI and Trail of Bits bypassing Google's zero-knowledge proof for quantum crypto analysis.