Overview
Severity: CRITICAL | Affected: Chroma AI | Category: breach
Leading AI firm Chroma AI disclosed a critical security breach that occurred in early February 2025. Attackers exploited a zero-day vulnerability in a third-party data processing library used within their MLOps pipeline. The breach resulted in the exfiltration of a significant portion of their proprietary training dataset, user prompt history from a two-month period, and, most critically, the pre-release weights for their upcoming 'Chroma-5' language model. The incident highlights the growing threat of supply-chain attacks targeting AI infrastructure. Chroma AI has taken the affected systems offline, notified impacted users, and is working with cybersecurity firms and law enforcement. The theft of model weights represents a major intellectual property loss and raises concerns about the potential for malicious replication or misuse of their advanced AI.