Oct 20, 2018
AI Stats Team
Security
Incident Response
Key Rotation
Security Notice: Third-Party Breach (April 19, 2026)
Incident response update following Vercel's April 19, 2026 security bulletin, including mitigation actions and customer guidance.
Summary
Following Vercel's security bulletin published on April 19, 2026, we initiated incident-response procedures across AI Stats. As part of that response, we rotated AI Stats internal platform secrets and credentials, invalidated prior internal values, and verified key-handling paths across gateway services.
As of April 21, 2026, we have no evidence of unauthorized access to AI Stats user data. Customer-managed API keys were not rotated by us. We recommend that all customers rotate their API keys for safety as a precaution.
Official Bulletin
Key points reported by Vercel include:
- Unauthorized access to certain internal Vercel systems.
- Initial impact to a limited customer subset involving non-sensitive environment variables.
- No reported evidence that sensitive environment variable values were accessed.
- No reported evidence of compromise to npm packages published by Vercel.
Actions Taken by AI Stats
- Rotated AI Stats internal platform secrets and credentials.
- Invalidated superseded key material and completed control checks.
- Reinforced key-management defaults and operational safeguards.
- Reviewed service activity and logs for suspicious behavior.
- Continued active monitoring and incident-response review.
Required Customer Actions
- Rotate your AI Stats API keys in /settings/keys.