Overview
Severity: CRITICAL | Affected: Cognition AI | Category: breach
Cognition AI, a leading provider of enterprise-grade large language models, disclosed a significant security breach that occurred in late May 2026. Attackers exploited a misconfigured cloud storage bucket, gaining unauthorized access to a database containing approximately 10 million user prompts and associated metadata from their flagship 'Synapse-4' model API. More critically, the breach also exposed proprietary fine-tuning datasets uploaded by over 500 enterprise customers, potentially revealing sensitive corporate information, trade secrets, and personally identifiable information (PII) used to customize the models. The company has notified affected customers and is working with cybersecurity firm Mandiant to investigate the full extent of the incident. The breach highlights the growing risk of data poisoning and intellectual property theft as more organizations integrate sensitive data with third-party AI platforms.