Vercel AI Updates: April 9, 2026

1. Vercel Adds Team-Wide Zero Data Retention to AI Gateway

Vercel. Vercel expanded AI Gateway’s compliance capabilities with team-wide Zero Data Retention (ZDR), letting organizations enforce strict data policies across their entire team without code changes. The feature routes requests only to providers with negotiated ZDR agreements (Anthropic, OpenAI, Google, and others), offers per-request ZDR for sensitive workflows, and includes a “Disallow Prompt Training” filter. Priced at $0.10 per 1,000 requests on Pro and Enterprise plans. Source

2. High-Severity React Server Components Vulnerability Disclosed (CVE-2026-23869)

Vercel. Vercel disclosed CVE-2026-23869 (CVSS 7.5), a high-severity vulnerability in React Server Components that enables denial of service via specially crafted HTTP requests. Vercel deployed WAF protections automatically, but immediate upgrades are required for affected Next.js versions (13.x-16.x). Patched versions include React 19.0.4/19.1.5/19.2.4 and multiple Next.js releases. Source

3. Vercel Sandbox Now Supports Up to 32 vCPU and 64 GB RAM

Vercel. Enterprise customers can now create resource-intensive sandboxes with up to 32 vCPUs and 64 GB RAM, enabling compute-heavy AI workloads and large model inference within Vercel’s sandboxed environment. Configuration is available via the SDK or CLI. Source