Overview
Severity: CRITICAL | Affected: Vocalize AI | Category: breach
Vocalize AI, a prominent provider of voice synthesis and cloning services for corporate and entertainment clients, disclosed a critical security breach. Attackers exploited an unsecured API endpoint in their data pipeline, gaining access to a production database containing millions of user voiceprints. This biometric data, used to train the company's AI models, was exfiltrated along with user PII. The incident poses a severe threat, as the stolen voiceprints could be used to bypass voice-based authentication systems, create deepfake audio for social engineering attacks, and generate unauthorized content. Vocalize AI has suspended the affected API and is working with law enforcement. The breach underscores the high-value nature of biometric training data and the catastrophic impact of its compromise.