Overview
Severity: CRITICAL | Affected: Cognition Corp | Category: breach
AI startup Cognition Corp has confirmed a major security breach affecting its flagship 'Prometheus' language model. Attackers exploited a zero-day vulnerability in a third-party data processing library used in their MLOps pipeline, gaining access to terabytes of sensitive data. The leaked dataset includes a significant portion of the model's proprietary training data, as well as millions of user prompts and generated outputs from their enterprise API customers. The breach exposes sensitive corporate information, proprietary algorithms, and potentially PII used in fine-tuning. This incident highlights the critical vulnerability of the AI supply chain and the immense security risk associated with centralized, large-scale training data repositories. The company is now facing regulatory scrutiny and has paused new customer onboarding while it conducts a full security audit.