Vercel is building infrastructure based on a threat model where developers cannot be trusted to handle security correctly. By extracting critical functions like authentication and data access from the application code, the platform can enforce security regardless of the quality or origin (human or AI) of the app's code.
Related Insights
In the fast-evolving AI space, Vercel's AISDK deliberately remained low-level. CTO Malte Ubl explains that because "we know absolutely nothing" about future AI app patterns, providing a flexible, minimal toolkit was superior to competitors' rigid, high-level frameworks that made incorrect assumptions about user needs.
Unlike human attackers, AI can ingest a company's entire API surface to find and exploit combinations of access patterns that individual, siloed development teams would never notice. This makes it a powerful tool for discovering hidden security holes that arise from a lack of cross-team coordination.
For AI agents, the key vulnerability parallel to LLM hallucinations is impersonation. Malicious agents could pose as legitimate entities to take unauthorized actions, like infiltrating banking systems. This represents a critical, emerging security vector that security teams must anticipate.
As AI generates more code than humans can review, the validation bottleneck emerges. The solution is providing agents with dedicated, sandboxed environments to run tests and verify functionality before a human sees the code, shifting review from process to outcome.
AI product quality is highly dependent on infrastructure reliability, which is less stable than traditional cloud services. Jared Palmer's team at Vercel monitored key metrics like 'error-free sessions' in near real-time. This intense, data-driven approach is crucial for building a reliable agentic product, as inference providers frequently drop requests.
Recent security breaches (e.g., Gainsight/Drift on Salesforce) signal a shift. As AI agents access more data, incumbents can leverage security concerns to block third-party apps and promote their own integrated solutions, effectively using security as a competitive weapon.
AI 'agents' that can take actions on your computer—clicking links, copying text—create new security vulnerabilities. These tools, even from major labs, are not fully tested and can be exploited to inject malicious code or perform unauthorized actions, requiring vigilance from IT departments.
An AI agent capable of operating across all SaaS platforms holds the keys to the entire company's data. If this "super agent" is hacked, every piece of data could be leaked. The solution is to merge the agent's permissions with the human user's permissions, creating a limited and secure operational scope.
While sophisticated AI attacks are emerging, the vast majority of breaches will continue to exploit poor security fundamentals. Companies that haven't mastered basics like rotating static credentials are far more vulnerable. Focusing on core identity hygiene is the best way to future-proof against any attack, AI-driven or not.