Book: AI Agents Pocket Guide Also by me: LLM Observability Pocket Guide My project: Hermes IDE | GitHub — an IDE for developers who ship with Claude Code and other AI coding tools Me: xgabriel.com | GitHub On April 19, 2026, Vercel published a security bulletin describing an incident that did not start at Vercel. According to Vercel's own knowledge-base disclosure and Context.ai's security update , the chain looked like this. A Context.ai employee's machine was compromised by infostealer malware. Trend Micro's analysis identified the family as Lumma Stealer, and Reco's writeup dates the initial foothold to February 2026. That foothold gave the attacker access to OAuth tokens belonging to Context.ai's AI Office Suite users. One of those tokens belonged to a Vercel employee who had granted Context.ai broad Google Workspace scopes from their Vercel-managed Google account.…