Home / Security updates / Drata Not Impacted by the April 2026 Vercel Security Incident
Drata Not Impacted by the April 2026 Vercel Security Incident
Security updates detail rendered from /security-updates/upd_33cce6f70a46a43f.
Overview
| ID | upd_33cce6f70a46a43f |
| Collection | Security Updates |
| Provider | SafeBase |
| Company | Drata |
| URL | - |
| Counts | - |
| Updated | - |
Raw record
| Field | Value |
|---|---|
| id | upd_33cce6f70a46a43f |
| providerId | safebase |
| organizationId | org_9708d68ec58f1549 |
| trustCenterId | tc_e9eb1dc435842fd1 |
| title | Drata Not Impacted by the April 2026 Vercel Security Incident |
| message | On April 19, 2026, Drata became aware of the Vercel April 2026 security incident, in which attackers obtained unauthorized access to certain Vercel internal systems via a compromised third-party OAuth application (Context.ai). Reputable threat intelligence sources have reported that a limited subset of Vercel customers had credentials exposed in connection with this incident. Drata is **not impacted** by this incident based on the information currently available. Our investigation, conducted the same day the incident became public, supports this assessment: - Drata did not receive a notification from Vercel indicating that our credentials were part of the affected subset. - No customer data is processed on Vercel. Vercel is used exclusively to host our public marketing website ([drata.com](http://drata.com)) and its preview/staging environments. No customer data, no audit evidence, and no workloads that process customer information are hosted on Vercel. - No indicators of compromise |
| url | - |
| publishedAt | 2026-04-20 |
| source | {
"field": "statuspage/public/compliance-update",
"category": "incidents"
} |
| company | {
"id": "org_9708d68ec58f1549",
"name": "Drata",
"domains": [
"trust.drata.com",
"drata.com"
]
} |
| trust_center | {
"id": "tc_e9eb1dc435842fd1",
"name": "Drata",
"url": "https://trust.drata.com",
"host": "trust.drata.com"
} |
| provider | {
"id": "safebase",
"name": "SafeBase"
} |
| links | {
"self": "/v1/security-updates/upd_33cce6f70a46a43f",
"company": "/v1/companies/org_9708d68ec58f1549",
"trust_center": "/v1/trust-centers/tc_e9eb1dc435842fd1",
"provider": "/v1/providers/safebase"
} |
Get this page with API
Rendered from the bluedoor Trust Centers API. Reproduce it:
GET https://api.bluedoor.sh/trust-centers/v1/security-updates/upd_33cce6f70a46a43fJSON