Last week, web infrastructure giant Vercel disclosed a security breach. The entry point? Not Vercel’s systems — but an AI tool one of their employees was using. The attack started with a compromised employee at Context.ai, a third-party AI assistant tool. From there, hackers slid sideways into Vercel’s internal systems and, eventually, into some customer environments.
This is called a supply chain attack — and it’s the kind most small and mid-sized businesses are completely unprepared for.
Why This Should Worry You
If your team uses AI tools — a coding assistant, a design tool, a chatbot that helps with customer service — you are exposed to this same risk. Most AI tools integrate directly with your existing accounts: Google Workspace, Microsoft 365, Salesforce, GitHub. One compromised tool can become a skeleton key to all of it.
Vercel says the blast radius was “limited.” That’s cold comfort if your data is in the blast radius.
For businesses using Salesforce, this risk is amplified. We saw it in April — two separate breaches (OneDigital and McGraw-Hill) traced back to unauthorized access in Salesforce environments. Attackers are targeting the apps and tools that connect to your core systems, not the core systems themselves.
What You Can Do Right Now
- Audit your AI tools. What third-party AI assistants, copilots, or integrated tools do your employees have connected to your business accounts? Make a list.
- Limit integration permissions. AI tools don’t all need full access to your email, drive, or CRM. Use least-privilege access controls.
- Treat AI vendors like any other vendor. They have access to your systems — audit them accordingly.
- Work with a partner who monitors this. The threat landscape changes weekly. That’s what NSI Tech does.
The era of AI assistants is here. So is the era of AI-powered breaches. Don’t get caught flat-footed.
Want a security review of your current setup? Talk to NSI Tech — no pitch, just a clear picture of where you stand.