Overview
Severity: CRITICAL | Affected: NeuraForge | Category: breach
NeuraForge, a popular MLOps and AI development platform, disclosed a critical security breach that resulted in the exfiltration of customer data and several proprietary foundational models. Attackers exploited a zero-day vulnerability in a third-party data visualization library used in the platform's administrative dashboard. This allowed them to gain privileged access to NeuraForge's core infrastructure, including model weight repositories and training datasets. Over 50 enterprise customers are affected, with at least three custom-trained, high-value models reportedly stolen. The incident has raised serious concerns about supply chain security within the AI ecosystem. NeuraForge has patched the vulnerability and is working with cybersecurity firms to investigate the full extent of the breach and the potential for the stolen models to be misused or replicated.