Overview
Severity: CRITICAL | Affected: Cognitive Dynamics | Category: breach
Cognitive Dynamics, a leader in enterprise AI solutions, confirmed a critical security breach today. Threat actors exploited a zero-day vulnerability in a popular open-source MLOps orchestration tool used in their CI/CD pipeline. This allowed the attackers to gain privileged access to the company's cloud environment, resulting in the exfiltration of several proprietary, fine-tuned large language models tailored for major financial and healthcare clients. In addition to the theft of valuable intellectual property, the attackers also accessed and stole sensitive customer datasets used for model training, including personally identifiable information (PII) and protected health information (PHI). The incident highlights the growing threat of supply chain attacks targeting AI infrastructure and the immense value of trained models on the black market. Cognitive Dynamics is currently working with cybersecurity firms and law enforcement to investigate the full scope of the breach and has begun notifying affected customers.