Skip to main content
OAUTH PIVOT — VERCEL × CONTEXT.AI - An LLM tool got an OAuth token and the token got the company — the Vercel breach as a consent screen you click while reading email. Cotton tee.

OAUTH PIVOT — VERCEL × CONTEXT.AI

$34

> FREE animated GRINNING DAEMON wallpaper with every order

On 04/19, Vercel disclosed a breach that did not exploit a Vercel system. An employee installed a third-party AI productivity tool — Context.AI — and granted it OAuth access to their Google Workspace. Context.AI was independently compromised. Attackers walked the OAuth grant into the employee's Vercel Workspace account, escalated into internal environments, and exfiltrated customer environment variables that hadn't been marked sensitive. A self-described ShinyHunters operator is publicly demanding $2M. Front: a single Google-style OAuth consent screen rendered as a dialog box. Header reads 'CONTEXT.AI WANTS TO ACCESS YOUR ACCOUNT'. The list of scopes is the design — read mail, modify drive, read calendar, send messages, manage workspace — culminating in 'and 11 more.' At the bottom, a row of two buttons: a small grey 'CANCEL' and a large red 'ALLOW' — checked. This is a tee about the moment the perimeter moved. The firewall is fine. The VPC is fine. The thing that broke was a checkbox a human clicked while reading their email. KTTK is printing the checkbox.

> SELECT SIZE

Premium print-on-demand product. Printed when you order.

Printed and shipped via Printify's global network. Standard delivery: 5-10 business days. Tracking number provided via email.

Crack It or Return It guarantee. 7-day window from delivery. Full refund, keep the merch.