In the weeks following React2Shell's disclosure, our firewall blocked over 6 million exploit attempts targeting deployments running vulnerable versions of Next.js, with 2.3 million in a single 24-hour period at peak. This was possible thanks to Seawall, the deep request inspection layer of the Vercel Web Application Firewall (WAF). We worked with 116 security researchers to find every WAF bypass they could, paying out over $1 million and shipping 20 unique updates to our WAF in 48 hours as new techniques were reported. The bypass techniques they discovered are now permanent additions to our firewall, protecting every deployment on the platform. But WAF rules are only the first line of defense. We are now disclosing for the first time an additional defense-in-depth against RCE on the Vercel platform that operates directly on the compute layer. Data from this defense-in-depth allows us to state with high confidence that the WAF was extraordinarily effective against exploitation of React2Shell. This post is about what we built to protect our customers and what it means for security on Vercel going forward.

Cline, the leading open-source coding agent built for developers and teams, now runs on the Vercel AI Gateway. With more than 1 million developers and 4 million installations, Cline brings an AI coding partner directly into the development environment, grounded in the values of openness and transparency. To support that mission at scale, the team needed infrastructure that matched those principles: fast, reliable, and built on open standards.

Working with v0 is like working with a highly skilled teammate who can build anything you need. v0 is more than just a tool, it’s your building partner. And like with any great collaborator, the quality of what you get depends on how clearly you communicate.

Notion has become the trusted, connected workspace for teams. It's where your PRDs, specs, and project context live. v0 helps those teams turn ideas into dashboards, apps, and prototypes. Today, those workflows connect. You can now securely connect v0 to your Notion workspace, so everything it builds is grounded in your existing docs and databases. Wherever your team's knowledge lives in Notion, v0 can now build on top of it.

We're proud to introduce the inaugural cohort of Vercel Certified Solution Partners. These eleven industry-leading teams share our commitment to create a faster, more accessible, and more innovative web. This program is designed not only to validate partner expertise, but also to help customers confidently choose teams who understand their needs, technical requirements, and the experiences they aim to deliver. Through partner certification, customers are matched with teams proven to deliver exceptional outcomes with Next.js and Vercel, from ambitious redesigns and complex enterprise migrations to new product development.

When we announced the Workflow Development Kit (WDK) at Ship AI just over a month ago, we wanted it to reflect our Open SDK Strategy, allowing developers to build with any framework and deploy to any platform. At launch, WDK supported Next.js and Nitro. Today it works with eight frameworks, including SvelteKit, Astro, Express, and Hono, with TanStack Start and React Router in active development. This post explains the pattern behind those integrations and how they work under the hood.

CVE-2025-55182 is a critical vulnerability in React that requires immediate action. Next.js and other frameworks that React are affected. Read the bulletin and act now.

Every year, Black Friday and Cyber Monday reveal how people shop, browse, and discover products at global scale. For Vercel, the weekend doesn't require a different operating mode. The platform behaves the same way it does every day, only with higher traffic volume. A live dashboard showed the traffic as it played out. This year, traffic reached more than 115.8 billion total requests, reflecting 33.6% year-over-year growth with consistent performance throughout the events. The traffic shape told a familiar story. Requests dipped on Thanksgiving as people stepped away from screens, then surged on Black Friday, stayed elevated through the weekend, and built into a second wave on Cyber Monday. These rhythms played out across every major geography, and the platform adapted continuously without configuration changes or manual intervention. Below is a snapshot of what the weekend looked like.

The team behind Gel Data is joining Vercel to help us invest in the Python ecosystem. Led by Python core developer Yury Selivanov and contributor Elvis Pranskevichus, they will bring world-class support for Python on the AI Cloud.

We are expanding our partnership with AWS to make it faster for developers to build and scale with AWS infrastructure. On December 15th, Aurora PostgreSQL, Amazon DynamoDB, and Aurora DSQL will be available as native integrations in the Vercel Marketplace. These integrations bring the power and scalability of AWS databases directly into your Vercel workflow, so you can focus on shipping products, agents, and websites instead of configuring infrastructure.

We recently released v0 for iOS, Vercel’s first mobile app. As a company focused on the web, building a native app was new territory for us. Our goal was to build an app worthy of an Apple Design Award, and we were open-minded on the best tech stack to get there. To that end, we built dozens of iterations of the product prior to our public beta. We experimented with drastically different tech stacks and UI patterns.

Today we're open-sourcing Workflow Builder, a complete visual automation platform powered by the Workflow Development Kit (WDK). The project includes a visual editor, execution engine, and infrastructure, giving you what you need to build your own workflow automation tools and agents. Deploy it to Vercel and customize it for your use case.