Overview
Severity: CRITICAL | Affected: Chroma Weaver AI | Category: breach
Emerging AI unicorn Chroma Weaver AI announced a significant security incident affecting its flagship image generation model, Spectrum v4. Attackers exploited a previously unknown vulnerability in the model's API endpoint, allowing them to perform a sophisticated model inversion attack. By sending carefully crafted queries, the threat actors were able to reconstruct portions of the model's sensitive training data. The leaked data includes proprietary digital artwork from partner studios used for fine-tuning, as well as personally identifiable information (PII) that was inadvertently scraped in a private dataset. The company has temporarily suspended the affected API, initiated a full security audit, and is notifying impacted partners and users. This incident highlights the severe risks associated with training data privacy and the need for robust defenses against model reconstruction attacks in production environments.