Posted by bishwasbh 10 hours ago

A Roblox cheat and one AI tool brought down Vercel's platform (webmatrices.com)
202 points | 103 comments | page 2
azalemeth 6 hours ago|
Very ironically, they seem to have upped their game. Trying to read TFA on an older version of Firefox gives me the lovely message:

Failed to verify your browser Code 11 Vercel Security Checkpoint, arn1::1776759703-rtDgRAtRyXvjD4IoU4RbqvkGmvQQCP7H

Gah.

throwatdem12311 2 hours ago||
Lmaoooo this is why I never install anything but work stuff on my work machines. Always have everything separate. Even on my personal machines, I have separate non-sudoer user accounts for gaming because I’m often downloading random mods.

My son even asked me just the other day why I don’t have Roblox on the Mac….yeah stuff like this is why.

varun_ch 9 hours ago||
Context.ai seems like it was the SPOF. By definition it has a lot of your data, and they didn’t secure it properly.
trick-or-treat 8 hours ago|
Clearly, Vercel should not have been compromised by this. I don't know who Context.ai is but I do know Vercel and I expected better from them. I also think we can expect to see a lot more stories like this.
voidUpdate 7 hours ago||
Something has gone screwy with the timestamps on this page... They're saying they were posted "in 8 hours", "in a day", then the last one is "an hour ago"
rightbyte 6 hours ago|
Last edit maybe? It is so annoying when sites don't publish the original timestamp.
voidUpdate 6 hours ago||
It's still showing a time in the future, which only makes sense if there is some kind of error with the server time or some kind of weird timezone conversion gone wrong
ashirviskas 5 hours ago||
Can confirm, in 6 hours.
Topfi 4 hours ago||
Odd, they used Delve [0] and a SOC2 compliant company like Context.ai [1] should have an AUP, EDR, etc. that prevents their employees from installing a Roblox cheat on their work computer. Heck, even outside SOC2, I have never worked at a company without endpoint restrictions to prevent unauthorised installs.

It's almost like the denials were in fact false and Delve truly was just selling a sticker, not providing an actual service.

If I were a VC that had funded Delve for a considerable amount of time, I'd be embarrassed that we did not catch that. I'd probably rework my processes, publicly analyse how this alleged fraud got past me and go far and beyond in disclosing my findings to rebuild trust. I'd most certainly not think just cutting funding is sufficient given the situation. Even more so if I'd encouraged other companies funded by me to use their "services". I'd maybe even reevaluate whether a circular approach wherein our funded companies are incentivised to rely on other also by us funded companies leads to the best options being chosen and whether that isn't antithetical to a forward thinking environment and competition. At the same time, I'd also think that maybe such a setup just hides unsuccessful companies and potentially even alleged fraud which once it gets to the broader market, may cause significant harm...

[0] https://web.archive.org/web/20250918025724/https://trust.del...

[1] https://web.archive.org/web/20260217220817/https://www.conte...

pama 4 hours ago||
Failed to verify my iphone browser…. But my claw could read it and text me the contents. The web is turning silly…
cyanydeez 3 hours ago|
re-read your sentences, are you sure it's the web...
nslsm 3 hours ago||
I can see how this happened: the employee was home, his kid wanted to play some Roblox, he installed Roblox and gave the kid the laptop, the kid decided to install the cheat.
trick-or-treat 8 hours ago||
According to the email I got from Vercel it was a limited subset of customers and I'm not one:

Initially, we identified a limited subset of customers whose Vercel credentials were compromised. We reached out to that subset and recommended that they rotate their credentials immediately.

At this time, we do not have reason to believe that your Vercel credentials or personal data have been compromised.

sitkack 5 hours ago|
That parentset was just you.
aroido-bigcat 7 hours ago||
Feels like the bigger issue here is how much implicit trust we’re starting to place in these AI-integrated workflows.

Tools that sit in the middle (like Context.ai) end up becoming a pretty large attack surface without feeling like one.

Nebsol 3 hours ago|
How the heck did a Roblox cheat do this with an AI??
misswaterfairy 2 hours ago|
> February 2026. An employee at Context.ai, one of those AI productivity tools that promises to "supercharge your workflow," downloads a Roblox cheat.

The cheat contains an infostealer.

> March 2026. The attacker uses Context.ai's compromised infrastructure to pivot into a Vercel employee's Google Workspace account. This Vercel employee had signed up for Context.ai's "AI Office Suite" using their enterprise credentials and granted "Allow All" permissions. Let that sink in for a second. A Vercel engineer gave a third-party AI tool full access to their corporate Google account.

I swear this AI 'boom' is melting people's brains and zombifying them like Toxoplasma gondii[1] does to rodents, making them do risky things that ultimately get them eaten (or hacked...).

[1] https://en.wikipedia.org/wiki/Toxoplasma_gondii
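
Added example, not part of any comment in this thread and not code from Vercel or Context.ai: a review of third-party OAuth grants of the kind the quoted "Allow All" passage describes, grouping unapproved apps that hold broad Google scopes by how many users granted them. The record shape, the sample data, the `risky_grants` name and the choice of which scopes count as "broad" are all assumptions made for illustration; the records are a simplified, constructed form, not a verbatim audit-log export.

```python
# Scopes treated as "broad" are an assumption for this example; tune to policy.
BROAD_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/drive",
    "https://www.googleapis.com/auth/calendar",
    "https://www.googleapis.com/auth/admin.directory.user",
}

# Constructed sample grants (hypothetical users, apps and client IDs).
SAMPLE_GRANTS = [
    {"user": "alice@example.com", "app": "Example AI Suite", "client_id": "client-aaa",
     "scopes": ["openid", "https://mail.google.com/",
                "https://www.googleapis.com/auth/drive"]},
    {"user": "bob@example.com", "app": "Example AI Suite", "client_id": "client-aaa",
     "scopes": ["openid", "https://www.googleapis.com/auth/drive"]},
    {"user": "carol@example.com", "app": "Approved Notes", "client_id": "client-bbb",
     "scopes": ["https://www.googleapis.com/auth/drive"]},
    {"user": "dave@example.com", "app": "Sign-in Only", "client_id": "client-ccc",
     "scopes": ["openid", "email"]},
]


def risky_grants(grants, approved_client_ids):
    """Group broad-scope grants to unapproved OAuth clients, worst first."""
    report = {}
    for g in grants:
        if g["client_id"] in approved_client_ids:
            continue  # app was reviewed and allowlisted
        broad = BROAD_SCOPES.intersection(g["scopes"])
        if not broad:
            continue  # sign-in-only or narrow grant
        entry = report.setdefault(
            g["client_id"], {"app": g["app"], "users": set(), "scopes": set()})
        entry["users"].add(g["user"])
        entry["scopes"] |= broad
    rows = [{"client_id": cid, "app": e["app"],
             "users": sorted(e["users"]), "scopes": sorted(e["scopes"])}
            for cid, e in report.items()]
    # Most users exposed first, then most broad scopes held.
    return sorted(rows, key=lambda r: (-len(r["users"]), -len(r["scopes"])))


if __name__ == "__main__":
    for row in risky_grants(SAMPLE_GRANTS, approved_client_ids={"client-bbb"}):
        print(row)
```
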
