Free Assessment

Table of Contents

Reach SOC 2 Compliance in 6 Weeks or Less.

Request a Demo

Home

  / ,

  / Vercel April 2026 Security Incident: What Happened and What You Need to Know

Vercel April 2026 Security Incident: What Happened and What You Need to Know

Picture of Pedro Dias
Copy Link

On April 19, 2026, Vercel confirmed attackers had reached parts of its internal systems. The entry point was an infostealer infection on an employee’s laptop at Context.ai, a third-party AI platform, two months earlier. From that single compromised machine, an attacker moved through Google Workspace OAuth, into a Vercel employee’s account, and then into Vercel environments where customer environment variables were stored.

This is the shape of a modern supply-chain breach, and it is worth understanding in detail.

What Vercel Has Confirmed

Vercel published a short security bulletin on April 19, 2026, stating that unauthorized access had affected a limited subset of customers. The company engaged external incident response experts and notified law enforcement. Hours later, CEO Guillermo Rauch provided the attack chain on X: Context.ai was breached, a Vercel employee’s Google Workspace account was taken over through that breach, and the attacker then pivoted into Vercel’s internal environments. Incident responders from Mandiant were engaged alongside law enforcement, according to BleepingComputer’s reporting on the incident.

Rauch stated that Next.js, Turbopack, and Vercel’s open-source projects had been audited and remained safe, a direct response to claims circulating on a cybercrime forum that framed the incident as a potential Next.js supply-chain disaster. All core services, including deployments, the edge network, and the dashboard, continued to operate normally throughout the investigation. In the days following the disclosure, Vercel also rolled out dashboard updates including an environment variable overview page and an improved UI for creating and managing sensitive variables.

The number of customers directly contacted has not been published, but Vercel has described the impact as quite limited. Customers not contacted have been told there is no current evidence their credentials or personal data were compromised.

The Initial Access: A Context.ai Infostealer Infection

According to cybercrime intelligence researchers, the likely origin of the breach was a Lumma infostealer infection on a Context.ai employee’s machine in February 2026, a full two months before Vercel’s public disclosure. Browser artifacts from the compromised device tell a familiar story: the user had been searching for and downloading Roblox auto-farm scripts and game exploit executors, a well-documented vector for Lumma stealer deployment. The stealer would have exfiltrated browser credentials, session cookies, and OAuth tokens.

Context.ai is an enterprise AI platform that builds agents on top of a customer’s institutional knowledge. To function, it integrates with Google Workspace and requests deployment-level OAuth scopes. As reported in detail by The Hacker News, once Context.ai’s credentials were in the hands of an attacker, that OAuth integration became a privileged foothold into any organization using the platform. Vercel’s investigation noted that the Context.ai OAuth app compromise potentially affected hundreds of users across many organizations, which makes the Vercel intrusion one downstream consequence of a broader supply-chain incident rather than a self-contained breach.

The attacker used the compromised integration to take over a Vercel employee’s Google Workspace account. From there, they pivoted into Vercel’s environment and began enumerating environment variables. Vercel offers customers the option to mark environment variables as sensitive, which encrypts them at rest and blocks them from appearing in the dashboard UI. Variables not marked sensitive were readable, and the attacker used that enumeration to extend access further.

Reach SOC 2 Compliance in 6 Weeks or Less

Schedule Your Free SOC 2 Assessment Today

Schedule

Who Was Affected and What Was Accessed

Confirmed impact is narrower than the headlines suggest. Vercel has stated that customer environment variables marked as sensitive remain encrypted at rest and show no evidence of access. The attacker did read environment variables not marked sensitive, and used those values for further escalation.

Secondary reporting indicates that Vercel’s Linear and GitHub integrations bore the brunt of the attack. The attacker demonstrated detailed knowledge of Vercel’s internal systems and moved with high operational velocity, behavior that led Vercel to classify them as highly sophisticated. Whether any customer-owned repositories were accessed through these integrations has not been publicly established.

Separately, a threat actor using the ShinyHunters moniker listed what they described as Vercel internal data on BreachForums for USD 2 million, claiming to offer employee accounts, deployment access, source code, database content, GitHub tokens, and npm tokens. The same actor separately communicated a USD 2 million ransom demand via Telegram. Vercel has not confirmed any of these specifics, and Rauch’s public rebuttal focused on the claim that Next.js and related OSS release paths were compromised, which Vercel says they are not. Adding a further layer of doubt, members of the actual ShinyHunters group denied involvement when contacted by BleepingComputer, suggesting the listing may be a copycat or lone-actor operation trading on the group’s reputation.

Important: Treat the ShinyHunters listing as plausible but unverified. Plan your remediation against the confirmed scope, which is already broad enough to justify rotating Vercel-connected secrets, but do not quote forum claims to regulators, customers, or auditors as established fact.

Indicators of Compromise

Vercel published an OAuth application identifier tied to the Context.ai integration that Google Workspace administrators should search for in their own tenant:

110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com

If that client ID appears in your Google Workspace OAuth app inventory, a Context.ai integration exists or existed within your environment. The presence of the integration is not proof your tenant was accessed, but it moves you into the population that needs closer triage. Review the OAuth grant scopes, any activity from the associated service account, and the audit logs for any user who authorized the application.

Vercel has also contacted affected customers individually. If you have not received direct outreach, Vercel’s public position is that there is no present evidence your Vercel credentials were compromised.

What Vercel Customers Should Do Now

Rotate all non-sensitive environment variables across every Vercel project. Anything that is a secret — API keys, database credentials, signing keys, webhook secrets, third-party tokens — should be stored using the sensitive environment variable feature going forward. Rotate any such value that was stored as non-sensitive before April 19, 2026, on the assumption it may have been read.

Audit your Vercel activity logs for the period of April 17 through 19, 2026. Unexpected logins, environment variable reads, integration authorizations, or administrative actions during that window warrant investigation. 

Regenerate GitHub and npm tokens tied to Vercel integrations. Tokens with repository-write or package-publish scopes should be rotated regardless of whether you were directly notified. The cost of rotation is low compared to the downstream impact of a token that turns out to have been exposed.

Audit OAuth grants in your Google Workspace admin console, and specifically check for any Context.ai-associated application, including the client ID listed above. Revoke any integration your organization does not actively use, and re-examine the scopes granted to the ones you keep. Integrations with deployment-level or admin-level scopes into productivity suites are the exact pattern attackers exploited here.

Look for downstream credential reuse. If a database URL, an AWS key, or a third-party webhook signing secret was stored as a non-sensitive Vercel environment variable, assume it could have been read and rotate it. Check the audit logs of any systems those credentials unlock. This kind of lateral-movement mapping is exactly what a structured internal audit process is designed to support — and this incident is a strong argument for having one in place before something goes wrong.

The Bigger Picture: Infostealers, OAuth, and Cascading Compromise

This incident is a clean illustration of how modern breaches chain together. An employee at a vendor you do not directly do business with downloads a game cheat. A stealer exfiltrates browser sessions and OAuth tokens. Those credentials are sold or used by a second actor who works out which enterprise platforms the victim’s employer is connected to. The OAuth grant, which the original victim has likely forgotten about, becomes the bridge from that vendor’s breach into yours.

Infostealers have become the dominant initial access method for a reason. They are cheap, they run automatically, and they scale: millions of infected machines feed credential markets every month. OAuth grants, because they persist and because they often carry broad scopes, turn individual credential theft into environment-wide access. Cloud development platforms like Vercel sit at a particularly dangerous point in the chain, because a compromise there touches every customer’s release path.

The specific lesson here is not to stop using AI tools, or to stop granting OAuth scopes. It is to treat third-party OAuth integrations with the same inventory, review, and rotation discipline as any other privileged credential. The vendor you trust least in your OAuth list is a potential path into your most trusted systems.

This is also where frameworks like ISO 27001 and SOC 2 earn their keep in practice rather than on paper. ISO 27001’s controls around supplier relationships (Annex A, domain 5.19 through 5.22) and access management exist precisely to create the governance structures that would flag an integration like the Context.ai OAuth grant before it becomes an incident. Similarly, a SOC 2 compliance checklist that takes the Availability and Logical Access criteria seriously would require periodic review of third-party access grants as a control activity. Compliance frameworks are often criticized as box-ticking exercises, but when they are implemented with operational intent, they catch exactly this kind of drift.

Equally important is what happens between certification cycles. Continuous monitoring for SOC 2 — or for any security program — means that the infostealer credential hit that appeared in threat intelligence a month before the Vercel breach has a fighting chance of being acted on, rather than discovered after the fact. Organizations that treat compliance as a once-a-year event are operating with a detection gap that attackers have learned to measure and exploit.

For organizations that want to understand where they stand before the next incident, an ISO 27001 gap analysis is a structured starting point. It maps your current controls against the standard’s requirements and surfaces the specific areas — third-party access governance, privileged credential management, OAuth scope review — where your program has blind spots. Pair that with periodic vulnerability assessment and penetration testing that explicitly includes your OAuth integrations and third-party connections, and you begin to approximate the adversarial visibility that a well-resourced attacker already has on your environment.

For organizations operating or deploying AI platforms — Context.ai’s role in this incident is directly relevant here — the ISO 42001 implementation guide addresses the governance structures specific to AI system risk, including third-party integrations. As AI agents become more deeply embedded in enterprise workflows, the OAuth footprint they require will grow, and the supply-chain risk profile will grow with it.

And if your organization is preparing for an ISO 27001 internal audit, this incident provides a compelling real-world case study for the supplier and access control sections of your audit scope.

Was my Vercel project affected?

Vercel has directly contacted the customers it believes were impacted. If you were not contacted, Vercel’s position is that there is no evidence your credentials or personal data were compromised. That is not a guarantee, and rotating any secrets that were stored as non-sensitive environment variables is still the correct precaution.

Environment variables not marked as sensitive were confirmed enumerable by the attacker. Vercel states that sensitive (encrypted) environment variables show no evidence of access. Secondary claims from the ShinyHunters BreachForums listing describe far broader data, including employee accounts, source code, and NPM and GitHub tokens, but these are unverified, and members of the actual ShinyHunters group have denied involvement.

Yes. Vercel’s security bulletin was published on April 19, 2026. CEO Guillermo Rauch provided the Context.ai attack chain publicly on April 20.

Context.ai is an enterprise AI agent platform used by a Vercel employee. It had been granted Google Workspace OAuth access, including deployment-level scopes. When Context.ai itself was breached, that OAuth integration became the attacker’s path into Vercel, and Vercel has indicated the same compromise potentially affected hundreds of users across many organizations.

Rotate any secret that was ever stored as a non-sensitive Vercel environment variable. Audit your Vercel activity logs from April 17 through 19. Regenerate GitHub and npm tokens tied to Vercel integrations. Audit OAuth apps in your Google Workspace and revoke anything you do not use, including any Context.ai integration. If your organization uses Context.ai, assume direct exposure and coordinate with your incident response team.

Axipro Author

Picture of Pedro Dias

Pedro Dias

Pedro has been writing online for over 10 years. With experience in all things programming, cyber security, and compliance, he is our editor-in-chief at Axipro.
Copy Link

Blog Highlights

Explore More Articles

Read More Blogs

HIPAA vs GDPR: Key Differences & Dual Compliance Guide

HIPAA and GDPR are the two most consequential data protection frameworks any healthcare or technology organisation is likely to encounter. They share a common purpose, protecting sensitive personal data, but they differ significantly in scope, enforcement mechanisms, and compliance obligations. For organisations operating across the Atlantic, understanding where they align, where they clash, and how to satisfy both simultaneously is not optional. It is a legal necessity. What Is HIPAA? The Health Insurance Portability and Accountability Act was enacted by the U.S. Congress in 1996. Its original purpose was to modernise the flow of healthcare information and ensure the portability of health insurance coverage. Over time, it became primarily known for its data protection requirements, administered by the U.S. Department of Health and Human Services (HHS) and enforced by the Office for Civil Rights (OCR). HIPAA is built around three core rules. The Privacy Rule governs how Protected Health Information (PHI) may be used and disclosed. The Security Rule sets standards for safeguarding electronic PHI (ePHI). The Breach Notification Rule establishes mandatory reporting timelines when PHI is compromised. Who Needs to Be HIPAA Compliant? HIPAA applies to covered entities, healthcare providers, health plans, and healthcare clearinghouses, and to their business associates: any third-party organisation that handles PHI on their behalf. If you build software that processes patient data for a U.S. hospital, you are a business associate. If you store medical records in the cloud for an insurance company, you are a business associate. A Business Associate Agreement (BAA) is the formal contract that governs this relationship. What Types of Data Does HIPAA Protect? HIPAA protects Protected Health Information (PHI): any individually identifiable information relating to a person’s past, present, or future physical or mental health condition, the provision of healthcare, or the payment for healthcare. This includes names, dates of birth, Social Security numbers, medical record numbers, and any data that could be used to identify a patient in connection with their health. Electronic PHI, the subset stored or transmitted digitally, is subject to the Security Rule’s additional technical requirements. What Is GDPR? The General Data Protection Regulation came into force across the European Union on 25 May 2018, replacing the 1995 Data Protection Directive. It is the world’s most comprehensive data privacy law, and its extraterritorial reach means it extends well beyond Europe’s borders. The GDPR is enforced by national Data Protection Authorities (DPAs) and coordinated at the European level by the European Data Protection Board (EDPB). Unlike HIPAA, GDPR is not sector-specific. It applies to any organisation processing the personal data of EU residents, regardless of industry. Who Needs to Be GDPR Compliant? Any organisation that processes the personal data of individuals located in the European Union, regardless of where the organisation is based. A U.S. hospital treating European patients, a SaaS company offering services to German users, or a health app collecting data from French residents all fall within GDPR’s scope. The regulation applies to both data controllers (organisations that determine how and why data is processed) and data processors (third parties that process data on a controller’s behalf). What Types of Data Does GDPR Protect? GDPR protects all personal data: any information relating to an identified or identifiable natural person. Health data is explicitly designated a special category under GDPR Article 9, commanding heightened protection alongside biometric data, genetic data, racial or ethnic origin, religious beliefs, and sexual orientation. HIPAA vs GDPR: Key Differences at a Glance Feature HIPAA GDPR Jurisdiction United States only EU + extraterritorial reach Sector Healthcare only All sectors Regulatory body HHS / OCR National DPAs / EDPB Data covered PHI only All personal data Consent model Treatment-based exceptions Explicit consent required Breach notification 60 days (proposed: 72 hours) 72 hours Max fine $1.9M per violation category/year €20M or 4% of global turnover DPO required No Sometimes Right to erasure Limited Yes Scope and Geographic Reach HIPAA’s reach is defined by entity type: it applies to covered entities and business associates operating within the United States. Whether a patient holds EU citizenship is irrelevant to HIPAA jurisdiction. What matters is whether the organisation providing care or processing health data operates within the U.S. healthcare system. GDPR’s reach is defined by the location of the data subject, not the organisation. Article 3 of the GDPR gives it explicit extraterritorial effect. If your organisation targets or monitors EU residents, GDPR applies, regardless of where you are headquartered, where your servers are located, or what industry you operate in. Types of Data Protected: Personal Data vs Protected Health Information (PHI) This is the sharpest structural difference between the two frameworks. HIPAA is focused exclusively on health data in the context of healthcare delivery or payment. GDPR covers all personal data, from email addresses and IP addresses to medical records and genetic profiles. Health data under GDPR is a subset of the broader personal data category, not the totality of it. An organisation that is fully HIPAA-compliant may still be in violation of GDPR if it mishandles employee data, marketing data, or website analytics. Legal Basis for Data Processing GDPR requires organisations to identify a valid legal basis before processing any personal data. For health data, that typically means explicit consent or one of the specific derogations in Article 9(2), such as processing necessary for medical diagnosis or the provision of healthcare. This is a meaningful threshold; pre-ticked boxes, bundled consent, or vague terms of service do not meet GDPR’s standard. HIPAA takes a different approach. It permits covered entities to use and disclose PHI for treatment, payment, and healthcare operations without obtaining patient consent. Authorisation is required only in specific circumstances, such as disclosures for marketing purposes or release of psychotherapy notes. Important: GDPR’s explicit consent requirement creates real friction for U.S. healthcare organisations treating EU patients. A hospital cannot rely on its standard HIPAA-compliant intake forms to satisfy GDPR. The legal bases must be documented separately, and consent forms must meet the GDPR’s granularity requirements. Regulatory Authority and Enforcement HHS OCR is

Read more

Employee Offboarding Checklist: 10 Steps to Revoke Access

31% of organizations have caught former employees accessing SaaS applications after their departure (source). Seventy percent of intellectual property theft happens in the ninety days surrounding a resignation announcement. The pattern is so consistent that auditors now treat termination day as one of the highest-risk windows on the security calendar. This article is a working employee offboarding checklist for IT, security, and HR teams who want to close that window cleanly. It walks through ten steps that revoke access without leaving gaps, then covers edge cases (remote workers, hostile exits, lost devices), the manual-versus-automation tradeoff, and post-offboarding monitoring. Use it as a baseline and adapt it to your environment. What Is Employee Offboarding and Why Does Access Revocation Matter? Employee offboarding is the structured process of separating a person from an organization: removing their access, recovering company property, documenting their exit, and updating records. The access revocation piece is the part where most programs fail quietly. Accounts get disabled in the identity provider but stay active in a dozen SaaS tools. Badges get collected but VPN tokens stay valid. The person is gone; the keys to the building are not. Why Employee Offboarding Is a Critical Security Risk Offboarding fails because access has multiplied faster than the processes designed to manage it. The average enterprise now operates somewhere between 275 and 660 SaaS applications depending on size, with employees touching dozens of them each week. Each application is a separate place that needs to be cleaned up, and each one creates an independent point of failure. The departing employee is a particularly acute version of this risk because the motivation to walk away with something often peaks during the same window that access is supposed to be revoked. The Cost of Leaving Access Open After Departure The financial picture is well documented. The 2025 Ponemon Cost of Insider Risks report puts the average annual cost of insider-related incidents at $17.4 million per organization, with containment taking an average of 81 days. Even when a departed employee never actively misuses their access, the existence of a forgotten account is enough to compromise a SOC 2 audit, trigger a breach notification, or create the credentialed beachhead that an outside attacker eventually exploits. The cases keep appearing. Cash App was breached in 2022 when a former employee accessed the records of 8 million customers after leaving. In May 2024, FinWise Bank disclosed that a former employee accessed internal systems after departure because access had never been fully revoked. Intel sued a former engineer in 2024 for downloading roughly 18,000 sensitive files in the days before he left. Ponemon’s 2025 report found that containment costs scale steeply with time. Incidents resolved in under 30 days averaged about $11 million, while those over 90 days averaged $17 million. The biggest variable is not detection capability. It is how fast access actually came down on day one. Compliance and Legal Implications of Incomplete Offboarding Access revocation is not a “best practice.” It is an explicit control requirement in nearly every framework against which an organization is likely to be audited. NIST SP 800-53 control PS-4 requires that on termination, organizations disable system access within an organization-defined time period, terminate or revoke any authenticators, and retrieve organizational property. ISO/IEC 27001 includes equivalent expectations under its Annex A controls for termination of employment. The AICPA Trust Services Criteria for SOC 2 cover this under Common Criteria CC6.2 and CC6.3, and auditors routinely pull a sample of terminated employees and verify timestamps in the identity provider against the HR system. GDPR adds a separate dimension. If a former employee still has access to the personal data of EU residents, that constitutes unauthorised processing under Article 32, and it is the controller’s responsibility, regardless of intent. HIPAA does the same for protected health information. Whatever the framework, the question an auditor or regulator will ask is the same: how quickly was access revoked, and can you prove it? Who Is Responsible for Employee Offboarding? Offboarding fails most often because no one owns the whole process. Four groups need to be in the loop, and each one has a distinct job. HR and People Operations HR is the source of truth for the termination event. Their job is to capture notice of departure, set the official last day, communicate timing to the rest of the business, and serve as the trigger that starts every downstream task. If HR does not record the termination in the HRIS, nothing automated will fire. IT and Security Teams IT executes the access teardown. They disable accounts in the identity provider, revoke SSO and OAuth tokens, remove SaaS application access, suspend email, and recover devices. Security teams typically run the audit trail and post-offboarding monitoring, and they are the ones answering when an account flagged six months later turns out to belong to a person who left in March. Legal and Compliance Legal handles NDA reminders, IP assignment confirmations, non-disclosure obligations, and any contractual surprises. Compliance owns the documentation: the evidence trail that proves the offboarding actually happened and met the relevant control requirements. For regulated industries this becomes audit evidence; for everyone else it becomes legal cover. Direct Managers Managers know things HR does not. They know which shared drives the person owned, which third-party vendors they had standing access to, which client passwords they may have rotated themselves, and which projects need a transition plan. A solid offboarding process forces the manager into the workflow with a checklist of role-specific items, because no central team can guess them. Employee Offboarding Checklist: 10 Steps to Revoke Access Without Leaving Gaps This is the core sequence. The order matters: starting with notification and inventory before disabling accounts means you do not lock the person out of a system you still need them to hand off. Step 1: Initiate Offboarding Immediately Upon Notice of Departure The moment notice is given — resignation, termination decision, or end of contract — the offboarding workflow should start. This means

Read more

Drata Agent Guide: Installation, Setup & Sync Troubleshooting

The Drata Agent is the part of Drata’s compliance stack that actually touches employee devices. It is a lightweight, read-only desktop application that runs in the system toolbar, reads a narrow set of security configuration settings, and reports them back to the Drata platform on a daily schedule. If a SOC 2 or ISO 27001 audit depends on showing that every endpoint has disk encryption, screen lock, antivirus, a password manager, and automatic updates enabled, the Agent is the thing that produces that evidence. This guide covers exactly what it does, how it works, how to install it on macOS, Windows, and Linux, and what to do when it stops syncing. What Is the Drata Agent? The Drata Agent is a desktop application built with Electron, the same framework used by Slack, VS Code, and Discord. It uses osquery, an open-source endpoint instrumentation tool created at Facebook and now maintained as a Linux Foundation project, to query the operating system for specific configuration values. The Agent runs from the system toolbar — the menu bar on macOS, the system tray on Windows, and the indicator area on Linux — and synchronises once per day with Drata’s backend. The full source code of the Agent has been open source since June 2023. Anyone can audit the code on Drata’s GitHub organisation, including security teams that need to validate it before deploying to the fleet. The Agent supports the latest two major versions of each operating system. On macOS, that currently means macOS 26 (Tahoe) and macOS 15 (Sequoia), with Agent version 3.9.0 or higher. On Windows, it covers the two most recent stable versions Microsoft actively maintains. On Linux, only LTS distributions are supported; Ubuntu 22.04 LTS and 24.04 LTS are the current supported targets.   What the Drata Agent Does (and Does Not Do) The Agent collects a tightly scoped list of configuration data points — specifically the items that map to typical SOC 2 and ISO 27001 device-level controls. The Agent does read: disk encryption status (FileVault, BitLocker, LUKS); screen lock and screensaver configuration; installed antivirus or endpoint protection software; installed password manager applications; operating system version and update status; the list of installed applications and browser extensions for Chrome, Firefox, and Internet Explorer (used to detect AV and password manager presence); and the operating system identifier and machine serial number for asset attribution. The Agent does not read keystrokes, browsing history, file contents, clipboard data, screen contents, network traffic, or any application data. Access is strictly read-only at the system-preferences level. The Agent cannot make changes to the device, push configuration, or remediate failed controls. If a check fails, the employee or IT team fixes it manually; the Agent simply observes whether the fix worked on the next sync. Important: Read-only does not mean invisible. The Agent enumerates installed applications and browser extensions to detect antivirus and password manager presence, and this list is sent to Drata. If that level of visibility is a concern for privacy or works council requirements, address it before rollout — not after. How Does the Drata Agent Work? Once installed and registered, the Agent runs continuously in the background. It performs scheduled checks, reports results to Drata, and updates itself when new versions ship. Synchronization Process The Agent syncs once per day. The sync runs at the first opportunity each calendar day: typically, the first network connection after the device was off or asleep, the moment the user logs in if the Agent autostarts, or any manual trigger from the toolbar menu. The data sent is small — a structured report of the configuration values the Agent read, plus the Agent version and machine identifier. There is no telemetry of user activity. When the sync succeeds, the device’s compliance status in Drata updates within a few minutes. When it fails, the device may show an Unable to get data status, and the corresponding controls in Drata will appear unconfirmed until the next successful sync. Automatic Updates The Agent updates itself. When a new version is released, the Agent shows a notification asking the user to allow the update. Updates are mandatory — running an outdated Agent eventually causes registration and sync failures. Linux installations through Ubuntu’s package manager auto-update via the system updater starting with version 3.6; AppImage installations and Arch AUR builds need to be updated manually or through the AUR helper.   Prerequisites Before Installing the Drata Agent Before installation, three things need to be in place. First, the device user needs an active Drata account with employee onboarding tasks assigned. Second, the operating system must be a supported version. Third, the user needs administrator rights on the device to install the application, since it registers a startup item. The user will also need access to their work email during installation. Registration uses a magic-link verification flow, and the verification email arrives within a minute of clicking Register Drata Agent in the Drata UI. How to Install the Drata Agent on Mac There are two practical paths on macOS: install through Homebrew Cask, or download the signed installer directly from MyDrata. Installation via Homebrew The Drata Agent is published as an official cask in the Homebrew repository, which is the cleanest install method for engineers who already use Homebrew for package management. The cask requires macOS 12 (Monterey) or newer. The install command is: brew install –cask drata-agent After Homebrew finishes, open Drata Agent.app from /Applications, then return to MyDrata and click Register Drata Agent. A magic-link email arrives shortly after. Open the link, copy the token portion of the URL, paste it into the Agent’s register dialog, and confirm. Run or Build the Drata Agent on Mac For organisations that want to build from source rather than use the published package, the GitHub repository contains the full Electron build pipeline. Build prerequisites include Node.js and electron-builder, and the osquery binaries need to be supplied separately. Drata explicitly notes that locally built packages are not signed and that production registration requires an

Read more