Overview
Severity: CRITICAL | Affected: Cognition AI | Category: breach
Cognition AI, a leading provider of enterprise-grade LLM APIs, disclosed a severe security breach that exposed sensitive customer data and, more alarmingly, the proprietary model weights for its flagship 'Cognito-5' language model. Attackers exploited a previously unknown zero-day vulnerability in a third-party data processing library used within Cognition AI's MLOps pipeline. The leaked data, which appeared on a dark web forum, includes API keys, user prompts, fine-tuning datasets from several Fortune 500 companies, and the full 70-billion parameter model files. This incident highlights the critical risk of supply chain vulnerabilities in AI development and the immense value of trained models as a target for industrial espionage. The company has initiated a full-scale investigation with cybersecurity firms and is forcing a rotation of all customer API keys. The potential for misuse of the leaked model for generating sophisticated disinformation at scale is a significant concern for security researchers.