Overview
Severity: CRITICAL | Affected: Cognition AI | Category: breach
Prominent AI startup Cognition AI announced a significant security breach that resulted in the exfiltration of sensitive intellectual property and user data. According to the company's disclosure, an unauthorized actor gained access to their cloud infrastructure due to a misconfigured Kubernetes cluster. The attackers successfully downloaded the model weights for Cognition AI's flagship multimodal model, 'Insight-3', along with a database containing 15 million user prompts and their corresponding outputs, some of which contained personally identifiable information (PII). The breach exposes the company to significant IP theft, as the proprietary model could be replicated or repurposed. Furthermore, the leaked prompt data poses a severe privacy risk to users and could be leveraged for sophisticated social engineering campaigns. Cognition AI has since secured the environment, notified affected users, and is working with cybersecurity forensics firms to investigate the full extent of the incident. This breach underscores the critical need for robust cloud security posture management in the AI industry.