Security Advisory — April 2026

Was your project affected by the Vercel April 2026 incident?

Attackers compromised a third-party AI integration and used it to silently exfiltrate Vercel deployment tokens across hundreds of projects. Run the four checks below to see if your project is exposed to the same attack patterns.

Incident window: Mar 28 – Apr 12, 2026
Vector: Compromised AI integration OAuth token
Impact: Deployment token exfiltration

Tokens are used for a single API request and never stored or logged. GitHub checks use only the public API.

Check 1 of 4 — No auth required
GitHub Workflow AI Action Pinning

Scans your public repo's .github/workflows/ for AI-named GitHub Actions referenced by mutable tags instead of commit SHAs — the exact vector used to compromise pipelines in April 2026.

Checks 2 & 3 of 4 — Vercel API token required
Vercel Integration Scopes & Audit Log

Checks your installed integrations for dangerous scope combinations (env:read + deployments:write) and scans your audit log for suspicious activity between March 28 – April 12, 2026 — the confirmed incident window.

Note: Integration flagging is scope-based — any integration holding env:read, deployments:write, or secrets:read is flagged as a risk, regardless of vendor. Vercel has not published a list of confirmed-compromised integration names.

Team ID (optional):
Your token is sent directly to our API for a single request and is never stored or logged. Create a read-only token at vercel.com/account/tokens.
Check 4 of 4 — No auth required
MCP / Hermes Config Cross-Boundary Token Scan

Paste your .mcp.json, hermes.json, or any agent config. We run the same patterns as AgenticSupplyChainAgent to detect credentials being forwarded to third-party tool servers — the silent exfiltration channel at the core of the April 2026 attack.

Spread the word

Know someone on Vercel?

Forward this checker to teammates or coworkers who use Vercel. The checks take about 2 minutes and need no account on this site; only checks 2 and 3 ask for a Vercel API token.

What each check detects

01
AI Action Pinning

Finds GitHub Actions with AI-related names (copilot, claude, openai, devin, cursor…) that are referenced by mutable tags like @v2 instead of a full 40-character commit SHA. A tag-repointing attack can silently replace any of these with a credential stealer. Branch refs such as @main and abbreviated SHAs are treated the same way: only a full 40-character SHA identifies one immutable commit.
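The pinning check as an added Python example. This is not the checker's own code and not AgenticSupplyChainAgent's; it assumes the workflow text has already been fetched and goes slightly beyond the page's description by classifying every uses: reference (not only AI-named ones) and by treating branch refs and short SHAs as unpinned. The sample workflow and its action names are constructed for the example.

```python
import re

# Matches `uses: owner/repo[/path]@ref` steps in a workflow file. Local actions
# (./path) and docker:// images carry no git ref and are not matched.
USES_RE = re.compile(
    r"^\s*-?\s*uses:\s*['\"]?(?P<action>[\w.-]+/[\w./-]+)@(?P<ref>[^\s'\"#]+)",
    re.MULTILINE,
)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
SHORT_SHA_RE = re.compile(r"^[0-9a-f]{7,39}$")
# AI-related name fragments, taken from the page's own list.
AI_NAMES = ("copilot", "claude", "openai", "devin", "cursor")


def classify_ref(ref: str) -> str:
    """'sha' for a full 40-hex commit SHA (immutable), 'short-sha' for an
    abbreviated one (resolvable today, but not a pin), otherwise 'mutable'
    (a tag or branch that can be repointed)."""
    if FULL_SHA_RE.match(ref):
        return "sha"
    if SHORT_SHA_RE.match(ref):
        return "short-sha"
    return "mutable"


def scan_workflow(text: str):
    """One finding per action reference: (action, ref, kind, ai_named)."""
    findings = []
    for m in USES_RE.finditer(text):
        action, ref = m.group("action"), m.group("ref")
        ai_named = any(n in action.lower() for n in AI_NAMES)
        findings.append((action, ref, classify_ref(ref), ai_named))
    return findings


def unpinned_ai_actions(text: str):
    """The page's check: AI-named actions not pinned to a full commit SHA."""
    return [(a, r) for a, r, kind, ai in scan_workflow(text) if ai and kind != "sha"]


def unpinned_actions(text: str):
    """Broader hygiene check: every action not pinned to a full commit SHA."""
    return [(a, r) for a, r, kind, _ in scan_workflow(text) if kind != "sha"]


# Constructed sample workflow; the acme/* action names are hypothetical.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: acme/claude-review-action@v2
      - uses: acme/openai-summarize@a1b2c3d
      - uses: acme/cursor-lint@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/local
      - uses: docker://alpine:3.19
"""

if __name__ == "__main__":
    for action, ref, kind, ai in scan_workflow(SAMPLE_WORKFLOW):
        print(f"{'AI' if ai else '  '} {kind:9} {action}@{ref}")
    print("unpinned AI actions:", unpinned_ai_actions(SAMPLE_WORKFLOW))
```

Run against a real repo by feeding each file under .github/workflows/ to scan_workflow; the fix for every hit is to replace the tag with the commit SHA it currently resolves to and keep the tag in a trailing comment for readability.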

02
Integration Scope Audit

Lists your Vercel integrations and flags any that hold env:read, env:write, deployments:write, or secrets:read scopes. These are the scopes that gave the April 2026 attack access to deployment tokens without triggering any anomaly alerts.

03
Audit Log Analysis

Pulls your Vercel audit log and looks for environment variable reads, unexpected deployments, and new token creations that occurred between March 28 and April 12 — the confirmed incident window from the Vercel security bulletin.
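Checks 02 and 03 together, as an added Python example that is not the checker's own code. The Vercel API response shapes, the audit event names (env.read, deployment.create, token.create) and the timestamp formats are assumptions; map them to whatever the real export contains. It adds one step the page does not spell out: audit-log hits are cross-referenced with the flagged integrations so an event whose actor is a risky integration stands out. The integration list and audit events are constructed.

```python
from datetime import datetime, timezone

# Incident window as stated on the page.
INCIDENT_START = datetime(2026, 3, 28, tzinfo=timezone.utc)
INCIDENT_END = datetime(2026, 4, 12, 23, 59, 59, tzinfo=timezone.utc)

# Scopes the page flags on any integration, regardless of vendor.
RISKY_SCOPES = {"env:read", "env:write", "deployments:write", "secrets:read"}
# The combination the page singles out: read the token, then deploy with it.
EXFIL_COMBO = {"env:read", "deployments:write"}

# Assumed audit action names (not Vercel's documented names).
SUSPICIOUS_ACTIONS = {
    "env.read": "environment variable read",
    "deployment.create": "unexpected deployment",
    "token.create": "new token created",
}


def audit_integrations(integrations):
    """Flag every integration holding a risky scope; mark the exfil combination."""
    findings = []
    for item in integrations:
        scopes = set(item.get("scopes", []))
        risky = sorted(scopes & RISKY_SCOPES)
        if risky:
            findings.append({
                "name": item["name"],
                "risky_scopes": risky,
                "exfil_combo": EXFIL_COMBO <= scopes,
            })
    return findings


def _to_utc(ts):
    """Accept ISO-8601 strings or epoch milliseconds (both shapes are assumed)."""
    if isinstance(ts, (int, float)):
        return datetime.fromtimestamp(ts / 1000, tz=timezone.utc)
    return datetime.fromisoformat(ts).astimezone(timezone.utc)


def suspicious_events(events, integrations, start=INCIDENT_START, end=INCIDENT_END):
    """Keep suspicious actions inside the window and note when the actor
    is one of the integrations flagged by audit_integrations()."""
    flagged = {f["name"] for f in audit_integrations(integrations)}
    hits = []
    for ev in events:
        when = _to_utc(ev["timestamp"])
        if not (start <= when <= end) or ev["action"] not in SUSPICIOUS_ACTIONS:
            continue
        hits.append({
            "when": when.isoformat(),
            "what": SUSPICIOUS_ACTIONS[ev["action"]],
            "actor": ev["actor"],
            "actor_is_flagged_integration": ev["actor"] in flagged,
        })
    return hits


# Constructed sample data; integration names are hypothetical.
SAMPLE_INTEGRATIONS = [
    {"name": "acme-ai-reviewer", "scopes": ["env:read", "deployments:write", "projects:read"]},
    {"name": "slack-notify", "scopes": ["deployments:read"]},
    {"name": "log-drain", "scopes": ["secrets:read"]},
]
SAMPLE_AUDIT_EVENTS = [
    {"action": "env.read", "actor": "acme-ai-reviewer", "timestamp": "2026-04-02T10:00:00+00:00"},
    {"action": "project.update", "actor": "jane@example.com", "timestamp": "2026-04-01T09:30:00+00:00"},
    {"action": "token.create", "actor": "acme-ai-reviewer", "timestamp": "2026-04-05T03:14:00+00:00"},
    {"action": "deployment.create", "actor": "jane@example.com", "timestamp": "2026-04-20T08:00:00+00:00"},
]

if __name__ == "__main__":
    for f in audit_integrations(SAMPLE_INTEGRATIONS):
        print("integration:", f)
    for h in suspicious_events(SAMPLE_AUDIT_EVENTS, SAMPLE_INTEGRATIONS):
        print("audit hit:", h)
```

The deployment on April 20 is dropped because it falls outside the window, and the project.update event is dropped because it is not one of the watched actions; both remaining hits come from an integration that also holds the env:read + deployments:write pair, which is the pattern worth escalating.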

04
Config Token Forwarding

Runs the same patterns as AgenticSupplyChainAgent on your pasted MCP or Hermes config to detect high-value credentials (VERCEL_TOKEN, GITHUB_TOKEN, API keys) being forwarded to non-localhost tool servers — a silent ongoing exfiltration channel. A localhost server can itself relay traffic elsewhere, so a clean result means only that no config entry sends a credential off-host directly.
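A cross-boundary token scan as an added Python example. It is not the checker's code and the detection rules are this example's own, not AgenticSupplyChainAgent's published patterns. It assumes the .mcp.json layout (a top-level mcpServers map whose entries carry command/args/env or url/headers) and treats a top-level servers key the same way as an assumption about hermes.json. A server counts as remote when any string in its entry contains an http(s) URL whose host is not loopback; a credential counts as forwarded when an env or headers key looks like a secret, its value matches a known token prefix, or it references a ${VAR} with a secret-looking name. The sample config is constructed.

```python
import json
import re
from urllib.parse import urlparse

LOOPBACK = {"localhost", "127.0.0.1", "::1", "0.0.0.0"}
URL_RE = re.compile(r"""https?://[^\s"']+""")
# Key names that usually carry a credential (the page's examples plus common suffixes).
CRED_KEY_RE = re.compile(r"(TOKEN|SECRET|API[_-]?KEY|PASSWORD|AUTHORIZATION|CREDENTIAL)", re.I)
# Literal token shapes worth catching even under an innocent key name.
CRED_VALUE_RE = re.compile(r"\b(ghp_[A-Za-z0-9]{20,}|github_pat_[A-Za-z0-9_]{20,}|sk-[A-Za-z0-9_-]{20,})")
# ${VAR} or $VAR references, so "Bearer ${VERCEL_TOKEN}" is recognised.
VAR_REF_RE = re.compile(r"\$\{?([A-Za-z_][A-Za-z0-9_]*)\}?")


def _strings(value):
    """Yield every string nested anywhere inside a JSON value."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, dict):
        for v in value.values():
            yield from _strings(v)
    elif isinstance(value, list):
        for v in value:
            yield from _strings(v)


def remote_hosts(server):
    """Non-loopback hosts the server entry points at (url field, args, env, headers)."""
    hosts = set()
    for s in _strings(server):
        for url in URL_RE.findall(s):
            host = urlparse(url).hostname
            if host and host not in LOOPBACK:
                hosts.add(host)
    return sorted(hosts)


def forwarded_credentials(server):
    """env/headers entries that carry or reference a credential."""
    creds = []
    for section in ("env", "headers"):
        for key, val in (server.get(section) or {}).items():
            if not isinstance(val, str):
                continue
            refs = VAR_REF_RE.findall(val)
            if (CRED_KEY_RE.search(key) or CRED_VALUE_RE.search(val)
                    or any(CRED_KEY_RE.search(r) for r in refs)):
                creds.append(f"{section}.{key}" + (f" (from ${refs[0]})" if refs else ""))
    return creds


def scan_config(text):
    """Findings for every server that is both remote and handed a credential."""
    cfg = json.loads(text)
    servers = cfg.get("mcpServers") or cfg.get("servers") or {}
    findings = []
    for name, server in servers.items():
        hosts, creds = remote_hosts(server), forwarded_credentials(server)
        if hosts and creds:
            findings.append({"server": name, "remote_hosts": hosts, "credentials": creds})
    return findings


# Constructed sample config; hosts and server names are hypothetical.
SAMPLE_CONFIG = """
{
  "mcpServers": {
    "local-fs": {"command": "npx", "args": ["-y", "server-filesystem", "/tmp"],
                 "env": {"GITHUB_TOKEN": "ghp_xxx"}},
    "deploy-helper": {"url": "https://tools.example.net/mcp",
                      "headers": {"Authorization": "Bearer ${VERCEL_TOKEN}"}},
    "vendor-bridge": {"command": "node", "args": ["bridge.js", "--upstream", "https://bridge.example.org/v1"],
                      "env": {"VERCEL_TOKEN": "${VERCEL_TOKEN}", "OPENAI_API_KEY": "sk-example"}},
    "local-proxy": {"url": "http://localhost:8080/mcp", "headers": {"X-API-Key": "abc"}}
  }
}
"""

if __name__ == "__main__":
    for f in scan_config(SAMPLE_CONFIG):
        print(f"{f['server']}: {', '.join(f['credentials'])} -> {', '.join(f['remote_hosts'])}")
```

local-fs holds a GitHub token but talks to nothing off-host, and local-proxy sends a key only to loopback, so neither is reported; deploy-helper and vendor-bridge both hand a Vercel token to a non-local host and are the two findings.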

Based on the Vercel April 2026 Security Bulletin and our full incident analysis. Detection powered by AgenticSupplyChainAgent — open source, MIT licensed.