Overview
Severity: CRITICAL | Affected: Cognition AI | Category: breach
Cognition AI, the creators of the popular 'Synapse' code generation model, disclosed a severe security breach that occurred in late February 2025. Attackers exploited a zero-day vulnerability in a third-party data pipeline orchestration tool to gain unauthorized access to the company's core infrastructure. The breach resulted in the exfiltration of a significant portion of the Synapse model's pre-trained weights, along with terabytes of proprietary training data, including curated code from enterprise clients. The company has notified affected customers and is working with cybersecurity firms to investigate the full extent of the compromise. The incident highlights the growing threat of industrial espionage targeting the intellectual property of leading AI firms and raises concerns about the security posture of the AI supply chain. The attackers are believed to be a state-sponsored group.