Overview
Severity: CRITICAL | Affected: ChronoAI | Category: breach
Emerging AI leader ChronoAI announced a significant security breach affecting its core infrastructure. Attackers, believed to be a state-sponsored group, exploited a zero-day vulnerability in a third-party data processing library used in the company's MLOps pipeline. The breach resulted in the exfiltration of over 50 terabytes of data, including parts of the proprietary curated training datasets for its upcoming Chronos-3 model, as well as an archived database of user prompts from its enterprise clients from Q4 2024. The incident highlights the growing threat of supply-chain attacks targeting the AI industry's most valuable assets: data and models. ChronoAI is currently working with cybersecurity firms to assess the full impact, which could include competitors reverse-engineering its data curation techniques and a significant privacy risk for affected customers. The company has since patched the vulnerability and is accelerating its internal security audits.