Security Update
Security Incident Response Statement
April 19, 2026
We are currently in the process of supporting a subset of consumer users potentially impacted in a recent security incident that we detected and stopped. This incident does not affect our current enterprise customer implementations, which are designed to run in customer environments. We are publishing this statement to clearly outline what is known today, the actions we have taken, and how we are supporting potentially impacted users.
Background on Consumer-Focused Workspace
In June 2025, we released Context AI Office Suite, a self-serve consumer-targeted workspace designed to help users work with AI agents to build presentations, documents, and spreadsheets. The AI office suite offered a feature that allowed consumer users to enable AI agents to perform actions across their external applications, facilitated via another 3rd-party service.
This feature and the entire consumer offering were separate from our current enterprise product, which is built to run on premises in customer environments.
Our Response to a Security Incident
Last month, we identified and stopped a security incident involving unauthorized access to our AWS environment. At the time, we engaged CrowdStrike, a leading forensic firm, conducted an investigation, and informed a customer we identified as impacted. We also closed the AWS environment, hosting service, and associated resources to fully deprecate the consumer product.
Today, based on information provided by Vercel and some additional internal investigation, we learned that, during the incident last month, the unauthorized actor also likely compromised OAuth tokens for some of our consumer users. We also learned that the unauthorized actor appears to have used a compromised OAuth token to access Vercel’s Google Workspace. Vercel is not a Context customer, but it appears at least one Vercel employee signed up for the AI Office Suite using their Vercel enterprise account and granted “Allow All” permissions. Vercel’s internal OAuth configurations appear to have allowed this action to grant these broad permissions in Vercel’s enterprise Google Workspace.
Based on this new information, we immediately worked to inform all impacted customers and provide them information about what happened and what actions to take. We have also been working closely with CrowdStrike to validate our containment efforts. While we are continuing to assess this incident, the theft of the OAuth tokens occurred prior to the AWS environment being shut down.
Status Quo
Today, Context serves enterprise customers through an entirely separate platform designed for controlled deployments in customer-owned environments, including air-gapped and on-premises configurations. This current platform is architecturally distinct and fully separated from legacy consumer systems, including the experimental integration referenced above. These implementations are not impacted by this incident.
Following the incident last month, we also worked closely with CrowdStrike to harden our other AWS environment, including additional encryption, segmentation, authentication, and monitoring controls. At Context, security is core to our products and services, and we are committed to continually improving the security of our products and services.
Contact
For questions related to this matter, please contact security@context.ai.