Overview
Severity: CRITICAL | Affected: Cognition AI | Category: breach
Cognition AI, a leading developer of enterprise-grade LLMs, confirmed a significant data breach after attackers exploited a misconfigured cloud storage bucket. The breach resulted in the exfiltration of highly sensitive internal data, including the pre-release weights for their next-generation model, 'Odyssey-3,' and a database of over 500,000 enterprise customer API keys and hashed credentials. The incident highlights the critical risk of misconfigured cloud infrastructure when storing valuable AI assets. The company's CISO announced that they are collaborating with external cybersecurity firms to investigate the full scope of the attack and have enforced a mandatory API key rotation for all customers. The leaked model weights pose a severe intellectual property threat, potentially allowing competitors to reverse-engineer their proprietary architecture and training methods, significantly impacting their market position.