Overview
Severity: CRITICAL | Affected: Cognito Systems | Category: breach
Cognito Systems, a leading provider of enterprise AI automation solutions, confirmed a major data breach on June 20, 2026. Attackers gained unauthorized access to their core infrastructure, exfiltrating proprietary pre-trained models, fine-tuning data from several Fortune 500 clients, and internal API keys. The breach was reportedly facilitated by a compromised developer credential with excessive permissions on their multi-cloud environment. The attackers leveraged this access to poison a small subset of production models with subtle backdoors designed for later exploitation. Cognito is now working with cybersecurity firms and law enforcement to investigate the full extent of the damage. The incident highlights the growing threat of supply chain attacks targeting the AI development lifecycle and the critical need for robust access controls and model integrity checks in MLOps pipelines.