Active incident · Mobile supply-chain exposure

When Vercel gets breached, the fallout lands in your phone.

The Context AI → Vercel breach stole API keys, source code, and database contents from hundreds of customer organizations. Most coverage focuses on web infrastructure. We pulled NowSecure MARI and looked at the mobile side — binaries already on real phones that hardcode or call *.vercel.app endpoints. What we found is a supply-chain problem that can't be rotated in a git push.

233 observations · 73 unique Vercel hostnames · 55 mobile apps impacted · 61 unique package IDs

The chain

One OAuth grant → a tier-1 fintech's binary.

Context AI got phished in March. The attacker rode OAuth into a Vercel employee's Google account, pulled internal creds, and exfil'd customer data. For mobile teams, the breach doesn't stop at Vercel's perimeter — it rides shared SDKs and vendor config endpoints into apps that shipped months ago.

Step 01 · phish · Context AI: Employee OAuth'd an app to their corporate Google. Attacker pivots through the grant.
Step 02 · takeover · Vercel: Internal systems, unencrypted creds, customer API keys, source code, DB data exfil'd.
Step 03 · fan out · SDKs & Vendors: Third-party services hosted on Vercel — Knot API, Tapcart, config backends — inherit the blast radius.
Step 04 · signed + shipped · Mobile Apps: Hostnames baked into binaries already on millions of phones. Can't hot-patch a release.

What MARI sees

Three patterns from the data.

Pattern 01 · Fintech fan-out

Knot API is a shared upstream for tier-1 wallets.

knotapi.vercel.app and its dev/sandbox/switcher variants appear inside Venmo, PayPal, Cash App, Chime, Klarna, Cleo, Bilt Rewards, OnePay, Current, and Lyft Direct. One compromised Vercel surface → ten regulated financial apps asking incident-response questions at once.

Pattern 02 · Commerce platform

Tapcart + Shopify customer-account pages.

shopify-customer-accounts.vercel.app and tapcart-consumer-sandbox.vercel.app appear across Dressbarn, edikted, Alphalete, World of Books, Livingood Daily, and Vapor95 — one SaaS surface, many consumer apps downstream.

Pattern 03 · Release hygiene

Preview URLs shipped as production.

A surprising share of embedded hostnames aren't production at all — they're Vercel preview, demo, or v0-scaffold URLs that a build process forgot to swap. That's a release-process bug independent of today's breach. Today, it's also an open door.

Examples: nativewind-demo-compiler, v0-loading-spinner-app, *-git-*, *-dev-*, *-staging-*

Hostname concentration

Where the blast radius is dense.

Count of mobile-app observations per Vercel hostname. The top five are shared upstream surfaces — not one-off deployments.

The full list

Every app, every hostname.

Pulled from NowSecure MARI. Filter by app, hostname, or package. Scope tags indicate where the endpoint was observed in the binary or at runtime.

[Interactive table: columns App, Hostname, Package, Version, Scope. MARI query · 2026-04-20]

Do this week

Three concrete moves.

01 · Scan your binaries for *.vercel.app.

Hardcoded URLs, network traffic, pinned certs. Include every third-party SDK — that's where the surprises live. MARI customers: the saved query is in your workspace.

02 · Treat it as a third-party incident.

If any of your SDKs or vendors deploys on Vercel, ask them: were you in the blast radius, what did you rotate, which of our tokens did you hold? Ask for the rotation log, not a reassurance.

03 · Audit for preview URLs in prod.

A v0-*, *-git-*, or *-dev-*.vercel.app inside a signed release is a hygiene bug independent of this breach. Fix it before the next one.
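As an added example (not NowSecure's or MARI's code), a small Python scanner that carries out steps 01 and 03 over the raw bytes of a binary and also produces the per-hostname concentration count described above. The non-production markers (built from the v0-*, *-git-*, *-dev-*, *-staging-* patterns) and the sample string tables are constructed assumptions.

```python
import re

# Any single-label *.vercel.app hostname, searched directly in the raw bytes of
# a binary or its extracted string table (no need to run `strings` first).
VERCEL_HOST = re.compile(rb"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.vercel\.app", re.I)

# Markers that indicate a preview, dev, staging, sandbox or v0-scaffold deploy.
# Assumed shapes based on the patterns discussed above (v0-*, *-git-*, *-dev-*,
# *-staging-*); extend with whatever your own CI naming scheme produces.
NON_PROD_MARKERS = re.compile(r"^v0-|-git-|-(dev|staging|sandbox|demo|preview)(-|$)")

def extract_vercel_hosts(blob: bytes) -> set[str]:
    """Return every *.vercel.app hostname embedded in the given bytes."""
    return {m.group(0).decode("ascii").lower() for m in VERCEL_HOST.finditer(blob)}

def classify(host: str) -> str:
    """Label a vercel.app hostname as 'production' or 'non-production'."""
    label = host[: -len(".vercel.app")]
    return "non-production" if NON_PROD_MARKERS.search(label) else "production"

def audit(blob: bytes) -> dict[str, str]:
    """Hostname -> classification for one binary (steps 01 and 03)."""
    return {h: classify(h) for h in sorted(extract_vercel_hosts(blob))}

def hostname_concentration(apps: dict[str, bytes]) -> list[tuple[str, int]]:
    """Count how many distinct apps reference each hostname, most shared first.
    Shared upstreams (one SDK vendor, many apps) surface at the top."""
    counts: dict[str, int] = {}
    for blob in apps.values():
        for host in extract_vercel_hosts(blob):
            counts[host] = counts.get(host, 0) + 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))

# Constructed sample "binaries": NUL-separated string tables, not real apps.
SAMPLE_APPS = {
    "wallet-a": b"\x00https://knotapi.vercel.app/v1\x00https://api.example.com\x00",
    "wallet-b": b"\x00https://KnotAPI.vercel.app\x00https://knotapi-dev.vercel.app\x00",
    "shop-c": (b"\x00https://shop-git-feature-x.vercel.app/cart\x00"
               b"https://v0-loading-spinner-app.vercel.app\x00"),
}

if __name__ == "__main__":
    for name, blob in SAMPLE_APPS.items():
        for host, kind in audit(blob).items():
            print(f"{name:10} {host:40} {kind}")
    print("most shared:", hostname_concentration(SAMPLE_APPS)[:3])
```

Feed it the decompressed IPA/APK payload or the output of your string extractor; anything it labels non-production inside a signed release is the hygiene bug step 03 describes.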

Want the full MARI view on your mobile supply chain?

We continuously analyze the apps your org publishes — and the ones your users trust you with. If you want to know which third-party clouds your mobile binaries actually touch, we'll run the query.
