22 months. That's how long an attacker had access to Vercel's internal systems before anyone noticed. If you're running anything on Vercel, that number should concern you more than whatever model dropped this week. Vercel disclosed a security incident on April 19th. A compromised