Facebook
Britain's News Portal
Around The Clock
BREAKING
Loading latest headlines…

Vercel CEO warns UK firms: AI agents risk data leaks without proper controls

Vercel's Guillermo Rauch says the biggest risk with AI agents is that they may inadvertently train on sensitive corporate data. The company has launched new tools to help businesses deploy agents safely in production.

  • Vercel now handles more than 1 trillion tokens daily through its AI gateway, with half of 6 million daily deployments triggered by coding agents.
  • CEO Guillermo Rauch warns that AI coding tools could train on entire codebases if not properly sandboxed, citing a conversation with Airbus's president.
  • Vercel has introduced Eve, a natural-language framework for agent instructions, and Vercel Sandbox, which restricts agent data access and prevents data exfiltration.
  • Rauch identifies two 'killer apps' for agents: coding assistants and internal corporate agents that unlock data trapped in SaaS platforms.
  • The shift from prototyping to production raises urgent questions about data governance, audit trails, and access controls for UK businesses.

Vercel, the cloud infrastructure company that lets developers deploy AI agents without managing servers, has become a central player in the UK's fast-growing AI software ecosystem. At its ShipNYC conference last week, CEO Guillermo Rauch told TechCrunch that the industry has moved beyond the prototyping phase into the hard realities of production. The company now processes more than 1 trillion tokens daily through its AI gateway and sees 6 million deployments a day, half of them triggered by coding agents.

Rauch's core message for UK businesses is one of caution: AI agents, particularly coding assistants, pose a real risk of inadvertently training on sensitive proprietary data. 'A real risk of AI that I always think about is, when you get a coding IDE like Devin or Cursor, if you're in the wrong setting, they may train on your entire codebase,' Rauch said. He recounted a conversation with Airbus's president about decades of highly specific C++ code for aerospace engineering being exposed to the cloud for training by an ill-configured developer tool.

To address these concerns, Vercel has launched two new tools. Eve is a framework that allows organisations to define an agent's instructions and skills in natural language, creating an auditable trail of tool calls and access controls. Vercel Sandbox places agents in a 'cage' where they retain their intelligence but are subject to strict policies on what data they can access and what data can leave the sandbox. This is particularly relevant for UK companies subject to the Information Commissioner's Office (ICO) guidance on AI and data protection, as well as the EU AI Act, which imposes strict transparency and risk-management requirements on high-risk AI systems.

The second 'killer app' Rauch identified is the internal corporate agent. At Vercel, a sales representative can now ask an agent: 'Give me the five accounts that have added the most seats in the last two weeks' — a query that previously required waiting months for a new dashboard. Rauch argues that agents are 'forcing companies to open up' and breaking the data silos that SaaS giants have built. For UK businesses, this promises dramatic productivity gains but also demands robust governance frameworks to prevent data leakage and ensure compliance with UK data protection law.

For the UK economy, the implications are significant. As more British companies deploy AI agents in production, the need for secure, auditable infrastructure becomes critical. The ICO has already signaled that organisations using AI must be able to demonstrate how they comply with data protection principles, including data minimisation and purpose limitation. Vercel's approach — sandboxing agents and providing natural-language policy controls — offers a template for balancing innovation with regulatory compliance. However, Rauch's warning about SaaS giants 'trapping your data' also highlights a strategic risk: UK firms may become overly dependent on US cloud platforms unless domestic alternatives or strong data portability rights emerge.

Why this matters: UK businesses are rapidly adopting AI agents, but without proper safeguards they risk leaking proprietary data to cloud providers, potentially breaching ICO rules and the EU AI Act. Understanding how to deploy agents securely is now a competitive necessity.

What this means for you: What this means for you: If your employer uses AI coding assistants or internal agents, your company's proprietary data — and possibly your personal data — could be exposed to third-party AI training unless strict sandboxing and audit controls are in place.

Related Articles

Get the news that matters.

Join thousands of readers getting the best of British news straight to their inbox.