A supply chain attack leveraging a compromised third-party OAuth application (Context.ai) allowed threat actors to breach Vercel's internal systems. The attackers exploited Vercel's environment variable sensitivity model to enumerate and expose unencrypted customer secrets, leading to potential downstream credential abuse across multiple cloud and SaaS platforms.