Overview
Severity: CRITICAL | Affected: Cognition Labs | Category: breach
AI startup Cognition Labs confirmed a critical security breach that resulted in the exfiltration of proprietary model weights for its upcoming 'Nexus-5' generative model, along with a significant portion of its curated training dataset. The attackers exploited a zero-day vulnerability in a cloud orchestration service to gain access to the company's core infrastructure. In addition to intellectual property, the breach exposed over 10 million user prompt and response logs from their enterprise customers, raising serious privacy concerns. The incident highlights the growing threat of sophisticated attacks targeting high-value AI assets. Cognition Labs has paused API access for affected services and is working with cybersecurity firm Mandiant to investigate the full scope of the breach. The leaked model weights could enable threat actors to replicate the model and exploit its weaknesses.