title: "Vercel Got Owned by a Roblox Exploit Script, Meta Built a Corporate Keylogger, and $300 Billion Happened Last Quarter"
description: "A former CTO's unfiltered take on this week's top HN stories: the Vercel supply chain breach that started with a Roblox auto-farm script, Meta logging every keystroke its employees type, the most insane VC quarter in recorded history, and why the open-source AI coding agent community is finally angry enough to do something about it."
publishedAt: "2026-04-23"
author: "Alex Rivera"
category: "news"
tags: ["hacker-news", "security", "vercel", "meta", "venture-capital", "ai-tools", "open-source", "developer-tools", "supply-chain"]

The thing that should bother you most about the Vercel breach isn't that it happened. Infrastructure companies get breached. That's not news, and anyone who tells you their stack is immune is either lying or hasn't been targeted yet. What should bother you is the specific chain of events that made it possible, because it's so mundane that it might as well be a parable.

Here's how it went. A Context.ai employee — Context.ai being an AI analytics tool that Vercel used internally — got infected with Lumma stealer malware. How? The investigators traced it to Roblox "auto-farm" scripts. The person was downloading game exploits from the kind of shady Discord servers that have been distributing stealers since 2019. The stealer grabbed their credentials, the attacker used those to access Context.ai's backend, and Context.ai's Vercel integration had been granted what the security researchers charitably describe as "broad OAuth permissions" to a Vercel employee's Google Workspace account — specifically, full read access to Google Drive.

From there, it's straightforward. The attacker hijacked the OAuth token, took over the Google Workspace account, pivoted into Vercel's internal environment using the inherited trust of that OAuth session, and started enumerating environment variables across internal systems. A group claiming affiliation with ShinyHunters then posted on BreachForums saying they had Vercel's databases, access keys, employee accounts, and source code, and put the asking price at $2 million.

Vercel's disclosure was careful to note that "sensitive environment variables remained secure" while "non-sensitive environment variables" were exposed. The HN thread treated this framing with appropriate contempt. The top comment, paraphrasing here, was something like: if your environment variables don't contain anything sensitive, you're not using environment variables correctly. Every developer who has deployed anything in the last ten years has used env vars specifically because they're where you put the things you don't want in your codebase. "Non-sensitive env vars" is a category that should be empty.

The deeper issue is one the security community has been screaming about since OAuth became the default mechanism for SaaS integrations: your security perimeter is now defined by the weakest security posture of every tool any of your employees has ever granted OAuth access to. Context.ai had enterprise-grade Google Workspace integration. The Vercel employee who installed it probably thought nothing of clicking "allow" because every SaaS tool asks for the same permissions. If you are running any kind of engineering organization, your immediate action item is to audit what OAuth grants exist across your team's Google and Microsoft accounts right now. Not next sprint. Now. The Vercel breach started with a Roblox cheat script on someone's personal gaming habits, but it ended inside production infrastructure.


While the security community was processing Vercel, a different story moved through HN with less alarm than it deserved. Meta announced it is installing keystroke logging software on all US-based employee computers. The stated purpose: capturing mouse movements, clicks, keystrokes, and periodic screenshots of screen content to use as training data for computer-use AI agents. The company wants to teach AI models to operate computers the way humans do, and the training approach is to watch how humans actually operate computers.

This is, technically, legal. Meta disclosed it in an internal memo, employees were informed, and if you work at Meta in the United States you are now being comprehensively logged in a way that previously would have been described, without exaggeration, as enterprise spyware. A Yale law professor quoted in coverage called it "an escalation in employee monitoring practices more commonly associated with gig economy roles." One Meta employee described it as "very dystopian." The company said the logging would be limited to work-related apps and websites, which is a policy statement and not a technical constraint.

The HN discussion landed in an interesting place. The majority of comments weren't outraged about the ethics of surveillance in principle — most people accepted that employers have broad latitude to monitor work devices. The comments that got the most traction were pointing at the irony: the same attack surface Meta is training models to navigate — the ability to read UI elements, interpret screen state, understand the context of what a user is doing at any given moment — is also exactly what infostealer malware does. Lumma, the stealer that cracked open the Vercel incident, extracts credentials by reading browser memory, capturing form submissions, and screenshotting active windows. Meta is spending hundreds of millions of dollars to build exactly that capability, but for the stated purpose of having an AI do your PowerPoint work.

What to do with this: if you're building AI agents for enterprise use, the market signal here is that the major players are prioritizing computer-use training data above nearly everything else. The next wave of genuinely useful AI tools won't be chatbots with slightly better reasoning — they'll be agents that can actually sit at a computer and do work. The workflow automation products that will matter in 18 months are being trained right now.


I want to talk about the Q1 2026 venture funding numbers because the HN thread on the Crunchbase data had one of the better comment threads I've seen in months, and the discussion was more honest than most financial journalism will be.

The number: $300 billion invested globally in Q1 alone. Of that, $242 billion — 80% — went to AI companies. Four deals made up 65% of total global venture capital in the quarter: OpenAI at $122 billion, Anthropic at $30 billion, xAI at $20 billion, and Waymo at $16 billion. The previous all-time record for an entire year was roughly $450 billion in 2021. We hit two-thirds of that in ninety days.

The HN comment that stuck with me: "We're not in a bubble. We're in a period where 'market' and 'capital allocation mechanism' have temporarily decoupled." Someone else replied: "That's what a bubble is." They're both right. The products work. The revenue is real — OpenAI hit $25 billion in annualized revenue in February, up from $6 billion at the end of 2024. Anthropic is reportedly approaching $19 billion. These are not vaporware companies. But OpenAI raising $122 billion at an $852 billion valuation — while actively planning a 2026 IPO at a potential $1 trillion — is not a valuation you derive from a discounted cash flow model. It's a valuation you arrive at when the largest tech companies on earth are terrified of being left behind and have more capital than they can deploy carefully.

I've watched three of these cycles up close. In 1999, the companies were worthless. In 2021, the companies were real but overvalued by a factor of five to ten. Right now, I genuinely don't know which scenario we're in, and I've been doing this long enough to distrust that uncertainty as a signal. What I can tell you is that when four companies absorb $188 billion in a single quarter, the money stops being a signal about the market and starts being a force that reshapes the market. The startups not in that tier are now competing with companies whose cost of capital is effectively zero. That's a different kind of hard.


On a lighter note, the Stanford AI Index dropped its 2026 edition and the IEEE Spectrum piece pulling out twelve key graphs got significant HN traction. Worth your time if you read data better than you read press releases, which is true of most HN regulars and should be true of anyone making technology decisions.

The numbers that matter: global AI compute capacity has tripled every year since 2022. The cost of running inference on frontier models has fallen roughly 40x since 2023. Agentic AI benchmarks — things like OSWorld (autonomous computer use) and SWE-Bench (software engineering) — went from near-zero capability to above 50% in under 18 months. The HN comment worth quoting: "The only graph that actually matters is the inference cost curve, and every product decision should be relative to where that curve lands in 18 months, not where it is today."

That's correct, and it's advice almost nobody follows because it requires you to build for a cost structure that doesn't exist yet. The tools that seem too expensive to build productively on today — anything that requires 50-100 model calls per user interaction — become economically viable as inference cost continues to collapse. If you're building something and you've ruled it out because the API costs don't work, reprice it against 18-month-forward inference costs and see if that changes the calculus.


The last story worth spending time on is OpenCode, which hit #1 on HN in March and has sustained enough community energy that it keeps resurfacing in discussions. It's an open-source, terminal-based AI coding agent that is deliberately provider-agnostic — you can run it against Claude, GPT, Gemini, local models, or nothing if you want to use free-tier providers. 120,000 GitHub stars. Built by a small team. Positioned explicitly against the vendor lock-in of Claude Code (Anthropic only) and Codex CLI (OpenAI only).

The HN reception was revealing. The most upvoted comment in the original thread wasn't about features or benchmarks. It was about pricing risk: "When your entire coding workflow depends on a proprietary tool from a single model provider, you're one pricing change away from rebuilding your muscle memory." The community has apparently reached the point where trust in big AI labs to maintain stable pricing is lower than trust in an open-source project that might not exist in two years. That's a meaningful sentiment shift.

The developer tool market follows a predictable pattern. Proprietary tools get there first because they have resources to move fast and don't need to solve the hard coordination problems of open governance. Then the economic pain of vendor lock-in accumulates until the open alternative has enough momentum to win on principle plus economics. We're somewhere in the middle of that transition in AI coding tooling. OpenCode is not yet better than Claude Code in absolute performance terms. But it's close enough that the lock-in argument is doing real work.

If you're making tooling decisions for an engineering team right now, the right call is probably to be intentional about this. Don't let convenience lock you in. The models you use for coding assistance will be different in a year, and the tool that makes switching easy is worth the short-term friction.


The Vercel breach is the one where I'd actually change behavior today. Audit your OAuth grants. Look at what Google Workspace apps have access to across your organization. Revoke anything you can't account for. The attack that hit Vercel is replicable against essentially any organization that uses modern SaaS tooling, which is all of them. The chain from a game cheat script to production environment variables is shorter than anyone wants to admit, and it runs through every browser extension and AI integration you've approved without reading the permission scope.
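
Here is one way to run the OAuth grant audit recommended here and in the Vercel section above. This is an added example, not code from Vercel, Context.ai or any investigation. The sample records are constructed in the shape of the Admin SDK Directory API `tokens.list` response, and the approved-client list, client IDs and severity labels are assumptions.

```python
"""Added example: flag broad third-party OAuth grants in a Workspace token export."""
import json

# Scopes treated as high risk here (an assumption; tune to your own policy).
BROAD_SCOPES = {
    "https://www.googleapis.com/auth/drive",           # full Drive read/write
    "https://www.googleapis.com/auth/drive.readonly",  # full Drive read
    "https://mail.google.com/",                        # full Gmail access
}

# Apps the organization has reviewed and accepted (hypothetical client ID).
APPROVED_CLIENTS = {"1111-approved.apps.googleusercontent.com"}

# Constructed sample shaped like Directory API `tokens.list` items.
SAMPLE_TOKENS = json.loads("""[
 {"userKey": "dev1@example.com", "clientId": "1111-approved.apps.googleusercontent.com",
  "displayText": "Calendar Sync",
  "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]},
 {"userKey": "dev1@example.com", "clientId": "2222-analytics.apps.googleusercontent.com",
  "displayText": "Example Analytics",
  "scopes": ["openid", "https://www.googleapis.com/auth/drive.readonly"]},
 {"userKey": "dev2@example.com", "clientId": "3333-unknown.apps.googleusercontent.com",
  "displayText": "Notes Helper", "scopes": ["openid", "email"]}
]""")


def audit_grants(tokens, approved=APPROVED_CLIENTS):
    """Return one finding per grant that is unapproved or holds a broad scope."""
    findings = []
    for tok in tokens:
        broad = sorted(s for s in tok.get("scopes", []) if s in BROAD_SCOPES)
        unapproved = tok["clientId"] not in approved
        if not broad and not unapproved:
            continue  # reviewed app with narrow scopes: nothing to report
        # A broad scope held by an unreviewed app is the grant to revoke first.
        severity = "high" if broad and unapproved else "medium" if broad else "review"
        findings.append({"user": tok["userKey"], "client_id": tok["clientId"],
                         "app": tok.get("displayText", tok["clientId"]),
                         "severity": severity, "broad_scopes": broad})
    order = {"high": 0, "medium": 1, "review": 2}
    return sorted(findings, key=lambda f: (order[f["severity"]], f["user"]))


if __name__ == "__main__":
    for f in audit_grants(SAMPLE_TOKENS):
        scopes = ", ".join(f["broad_scopes"]) or "-"
        print(f"{f['severity']:<7}{f['user']:<18}{f['app']:<19}{scopes}")
```

Against a real tenant, the input would be the per-user `tokens.list` results from the Admin SDK Directory API, and a grant is revoked with that API's `tokens.delete`.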
