Overview
Severity: CRITICAL | Affected: Cognito Systems | Category: breach
Enterprise AI leader Cognito Systems has disclosed a critical security breach that occurred in late January 2025. Attackers exploited a zero-day vulnerability in a popular MLOps data orchestration tool, gaining access to the company's core production environment. The breach resulted in the exfiltration of sensitive data, including the source code and weights of two of Cognito's flagship proprietary language models. Furthermore, a database containing over 50 million customer prompts and their corresponding outputs from the last quarter was compromised. Security experts warn that the leaked model weights could allow competitors or malicious actors to replicate the models, while the customer data could be used for targeted phishing campaigns or to extract sensitive business information. Cognito Systems is working with federal law enforcement and has released patches for its on-premise solutions.