Overview
Severity: CRITICAL | Affected: Cognition AI | Category: breach
Cognition AI, a prominent developer of enterprise language models, confirmed it was the victim of a severe data breach. The incident, which occurred in late May, was orchestrated by an insider who exfiltrated several terabytes of sensitive data. The stolen assets include the proprietary pre-trained model weights for their upcoming 'Catalyst-2' model, a critical piece of intellectual property. Additionally, a database containing over 50 million user prompts and their corresponding AI-generated outputs from the company's enterprise clients was compromised, raising significant privacy concerns. Cognition AI's incident response team, assisted by external cybersecurity experts, stated that the threat actor exploited a misconfigured internal access control policy for a cloud storage service. The company has since revoked the compromised credentials and is implementing stricter access management protocols. The incident highlights the growing risk of insider threats targeting the valuable IP and data held by AI companies.