Overview
Severity: CRITICAL | Affected: CognitiveAI | Category: breach
CognitiveAI, a leading developer of generative models, confirmed it fell victim to a devastating security breach. Attackers successfully exfiltrated the complete model weights for its flagship proprietary language model, 'Cerebrum-4,' and a database containing over 50 million user prompt-and-response records. The initial intrusion vector was a sophisticated spear-phishing campaign targeting a senior machine learning engineer, which led to compromised cloud infrastructure credentials. The stolen data has reportedly already appeared on dark web forums, posing a critical threat to CognitiveAI's intellectual property and the privacy of its users. The incident highlights the growing trend of threat actors targeting valuable AI assets directly. CognitiveAI has since suspended its public API access and engaged a leading cybersecurity firm to investigate the full extent of the damage and remediate the vulnerabilities.