Here's my update to the broader community about the ongoing incident investigation. I want to give you the rundown of the situation directly. A Vercel employee got compromised via the breach of an AI platform customer called Context.ai that he was using. The details are being fully investigated. Through a series of maneuvers that escalated from our colleague’s compromised Vercel Google Workspace account, the attacker got further access to Vercel environments. Vercel stores all customer environment variables fully encrypted at rest. We have numerous defense-in-depth mechanisms to protect core systems and customer data. We do have a capability however to designate environment variables as “non-sensitive”. Unfortunately, the attacker got further access through their enumeration. We believe the attacking group to be highly sophisticated and, I strongly suspect, significantly accelerated by AI. They moved with surprising velocity and in-depth understanding of Vercel. At the moment, we believe the number of customers with security impact to be quite limited. We’ve reached out with utmost priority to the ones we have concerns about. All of our focus right now is on investigation, communication to customers, enhancement of security measures, and sanitization of our environments. We’ve deployed extensive protection measures and monitoring. We’ve analyzed our supply chain, ensuring Next.js, Turbopack, and our many open source projects remain safe for our community. The recommendation for all Vercel customers is to follow the Security Bulletin closely (vercel.com/kb/bulletin/verce…). My advice to everyone is to follow the best practices of security response: secret rotation, monitoring access to your Vercel environments and linked services, and ensuring the proper use of the sensitive env variables feature. In response to this, and to aid in the improvement of all of our customers’ security postures, we’ve already rolled out new capabilities in the dashboard, including an overview page of environment variables, and a better user interface for sensitive env var creation and management. As always, I’m totally open to your feedback. We’re working with elite cybersecurity firms, industry peers, and law enforcement. We’ve reached out to Context to assist in understanding the full scale of the incident, in an effort to protect other organizations and the broader internet. I also want to thank the Google Mandiant team for their active engagement and assistance. It’s my mission to turn this attack into the most formidable security response imaginable. It’s always been a top priority for me. Vercel employs some of the most dedicated security researchers and security-minded engineers in the world. I commit to keeping you updated and rolling out extensive improvements and defenses so you, our customers and community, can have the peace of mind that Vercel always has your back.

i havent laughed at a video this hard for years lmao

Something big is happening. Select fearless leaders from @AnthropicAI and TrendAI™ are converging to talk about securing what’s next. 🛡️ Get actionable #AIsecurity insights in a closed-door conversation unlike any other. Secure your spot: spr.ly/6011B6NnFP

We announced a strategic partnership with @AnthropicAI to enable organizations to adopt AI securely and responsibly. Together, TrendAI™ and Anthropic are advancing vulnerability discovery while ensuring coordinated action in real-world risk reduction. spr.ly/6010B64EQg

Now @AnthropicAI does a commercial on this is Claude….elevator ride up and full application for a presentation built for you or better yet….as you are walking to the conference room and using the chat system to build for you.

If it ain’t ever so true….

Behind the scenes footage

Understand…Santa Monica is just calling me!!!! #pinkpony banger that exists the Cyber and trade markets refuse to enjoy haha

Built for AI. Ready for next. A new era for enterprise security is here. Lead the future of AI with #ProactiveSecurity designed to inspire innovation and eliminate risk. TrendAI. AI Fearlessly. #TrendAI #AIfearlessly #NewBrand #ComingSoon

Every time I start doubting myself, I run a demo and hear, “I never thought to look at XDR data like this.” Makes me realize — the way I see things is the value.

There was a time that I believed @60Minutes but since they cut and edit the @KamalaHarris interview what do I know….seems like they have reallly good editors. @jimmykimmel you are an idiot on your show.

Curious is it good or bad when given some basic information on an active breach you advise a team on how you would approach the investigation? Knowing the breach has been done by several “experts” but still ongoing. Not really trying to say anyone is doing anything wrong…

Adios @bhusa and @defcon It was fun but need to go get some sleep!

Haha had a commit because I was on the Mandaly area like this working with some customers yesterday about my red shoes….. Don’t ever think I forget the shoes when. I am on the road! Come find me at the Trend Booth or Flankers today!! #bhusa @TrendMicro

Game over in Just 3 seconds

Bigfoot: A Day in the Life of an IT Professional