Overview
Severity: HIGH | Affected: ChronoAI | Category: breach
AI startup ChronoAI has confirmed a significant data breach after a developer inadvertently committed a privileged API key to a public GitHub repository. The exposed key granted access to a production database containing millions of customer prompts and associated metadata from a three-month period. While the company asserts that model weights and core infrastructure were not compromised, the leaked data includes potentially sensitive user inputs. Security researchers have warned that analysis of these prompts could reveal proprietary business information, personally identifiable information (PII), and other confidential data users had entered into the service. ChronoAI has since rotated all keys, notified affected customers, and implemented stricter code scanning protocols to prevent future secret leaks. The incident highlights the critical importance of robust secrets management and DevSecOps practices within the fast-moving AI industry, where rapid development can often overshadow security fundamentals.
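One defensive check of the kind the stricter code scanning mentioned above implies, added here as an example and not ChronoAI's own tooling: a pre-commit style scanner that inspects only the added lines of a staged diff and flags key-shaped tokens whose character entropy is high enough to look like a real credential rather than a placeholder. The `sk-` prefix, the file path and the sample diff are constructed assumptions.

```python
import math
import re
# Token shapes to flag. "sk-" is an assumed example prefix, not one from the incident.
KEY_PATTERNS = [
    re.compile(r"\b(?:sk|api|key)[-_][A-Za-z0-9_\-]{20,}\b"),
    re.compile(r"(?i)(api[_-]?key|secret|token)\s*[=:]\s*['\"]?([A-Za-z0-9_\-]{16,})"),
]

def shannon_entropy(s: str) -> float:
    """Bits per character: random credentials score high, placeholders low."""
    if not s:
        return 0.0
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))

def scan_diff(diff_text: str, entropy_threshold: float = 4.0):
    """Return (file, new_line_no, token) for suspected secrets on ADDED lines only."""
    findings, current_file, line_no = [], None, 0
    for line in diff_text.splitlines():
        if line.startswith("+++ "):                  # new-file header
            current_file = line[4:].removeprefix("b/")
            continue
        if line.startswith("@@"):                    # hunk header: reset new-file counter
            m = re.search(r"\+(\d+)", line)
            line_no = int(m.group(1)) - 1 if m else 0
            continue
        if line.startswith("-"):                     # removed lines and the "---" header
            continue
        line_no += 1                                 # context and added lines both count
        if not line.startswith("+"):
            continue
        for pat in KEY_PATTERNS:
            m = pat.search(line[1:])
            if m:
                token = m.group(m.lastindex) if m.lastindex else m.group(0)
                if shannon_entropy(token) >= entropy_threshold:
                    findings.append((current_file, line_no, token))
                    break                            # one finding per line is enough
    return findings

# Constructed staged diff: one real-looking key and one low-entropy placeholder.
SAMPLE_DIFF = """\
--- a/config/settings.py
+++ b/config/settings.py
@@ -10,3 +10,4 @@
 DEBUG = False
-DB_KEY = os.environ["DB_KEY"]
+DB_KEY = "sk-ABCDEFGHJKLMNPQRSTUVWXYZabcdefgh"
+api_key = "your_api_key_goes_here_xxx"
 TIMEOUT = 30
"""
```

Wired into a pre-commit hook, `scan_diff` would be fed the output of `git diff --cached` and the commit refused when it returns any findings; the placeholder on the second added line scores about 3.5 bits per character and is not flagged at the default threshold.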