You’ve probably heard the name Vercel before, it’s one of the biggest cloud platforms in the tech world, used by thousands of developers globally. In April 2026, Vercel announced it had been breached. Customer credentials were compromised, internal systems were accessed, and a $2 million ransom was demanded.
So how did it happen? Not through a sophisticated zero-day exploit. Not through a gap in their core infrastructure. It happened because one employee installed a third-party AI tool on a work device and that tool had already been quietly compromised months earlier.
The breach started with an infostealer infection on a Context.ai employee’s device in February 2026. By April, attackers had used stolen OAuth tokens from that tool to access Vercel’s internal systems.
This is the kind of story that should make every business owner pause, because the same thing can happen to your company, and it’s happening more often than most people realise.
What Is Shadow AI, and Why Should You Care?
Shadow AI is a simple idea: it’s any AI tool your employees are using that your IT team hasn’t approved, set up, or even knows about. Think of AI writing assistants, productivity bots, browser extensions, or AI-powered presentation builders that staff download on their own — sometimes with the best intentions.
The problem isn’t that these tools are always bad. Some of them are genuinely useful. The problem is that when an employee connects a third-party AI tool to their work Google account, their Microsoft 365 inbox, or their company cloud environment, they’re creating a connection your security team has no visibility into. And if that tool gets compromised — as Context.ai was — the attacker inherits whatever access the tool had.
In Vercel’s case, that access was enough to reach internal databases, environment variables, and employee accounts. For a smaller business with fewer security layers, the damage could be far worse.
The Risks Are Real — And Most Businesses Aren’t Ready
Here’s what makes this type of attack especially tricky: it doesn’t require your employees to do anything wrong on purpose. They install a helpful tool, log in with their work account for convenience, and move on. Meanwhile, that connection sits quietly in the background — an open door that nobody knew was there.
Most small and mid-sized businesses in Canada don’t have a process for reviewing the tools their staff use day to day. There’s no approval checklist, no visibility into which apps have been granted access to corporate accounts, and no monitoring for unusual OAuth token activity. That’s not a criticism — it’s just the reality for companies that don’t have a dedicated IT security team watching these things full time.
That’s exactly where the risk lives.
What You Can Do to Protect Your Business
The good news is that this is a very manageable problem when you have the right systems in place. You don’t need to ban AI tools outright — you just need visibility, control, and a team that’s watching.
Start with an audit of third-party app access
Log into your Microsoft 365 or Google Workspace admin console and look at which third-party apps have been granted permissions by your employees. You’ll likely be surprised by how many there are. Any app with broad access to email, calendar, or cloud storage should be reviewed and either approved or revoked.
Set a clear policy for AI tool usage
Your team needs to know what they’re allowed to install on work devices and what requires approval first. A simple, written policy that covers AI tools, browser extensions, and third-party integrations goes a long way — especially when paired with a quick conversation about why it matters.
Put monitoring in place
Reactive security isn’t enough anymore. You need continuous monitoring that flags unusual account activity, unexpected access attempts, and new OAuth connections before they turn into a problem. This is something a good managed IT provider handles on your behalf, around the clock.
Beyond monitoring, the following protections should be non-negotiable for any business using cloud tools:
- Multi-factor authentication (MFA) on every account, especially Google Workspace and Microsoft 365
- Regular reviews of which apps have access to your corporate accounts
- Endpoint protection on all work devices, including personal devices used for work
- Staff awareness training so employees understand the risks before they install something new
- Dark web monitoring to catch stolen credentials before attackers use them
This Is Exactly What We Help Businesses With
At PlexxTech, protecting businesses from threats like this is a core part of what we do. We work with companies across Canada to put the right security layers in place — not just the obvious ones, but the less visible risks like unsanctioned app access and third-party tool exposure.
We offer cybersecurity services, employee awareness training, and 24/7 managed IT support that keeps a close eye on your environment. If something looks off — an unusual login, a new app connection, an unexpected token request — we catch it before it becomes a breach.
The Vercel incident is a reminder that the biggest security gaps are often the quietest ones. A single unsanctioned AI tool, used innocently by one employee, became the entry point for a sophisticated attack on a major platform. Your business deserves better protection than hoping that doesn’t happen to you.
Want to know if your business has unsanctioned tools creating hidden risks? Book a free IT security assessment with PlexxTech — we’ll review your environment and give you an honest picture of where you stand.
