India, May 21 -- In April 2026, Vercel, a cloud application deployment platform, disclosed a security incident that did not originate within its own infrastructure, but through a third-party AI tool used by an employee. The attacker compromised the tool, used it to gain access to the employee's Google Workspace account, and then pivoted into internal systems, eventually accessing environment variables and sensitive operational data.

What makes this incident notable is not just the breach itself, but what it represents. The initial entry point was an AI system embedded into everyday workflows - the same class of tools that increasingly power AI agents and agent-driven automations inside organisations. As enterprises begin to rely on agent...