Overview
Severity: CRITICAL | Affected: CognitoAI | Category: breach
Enterprise AI provider CognitoAI disclosed a significant security breach affecting its core platform. Attackers exploited a vulnerability in a third-party data ingestion library used for model fine-tuning, gaining unauthorized access to the company's cloud storage. The breach resulted in the exfiltration of proprietary, fine-tuned large language models for several Fortune 500 clients, as well as sensitive corporate data used in the training sets. The compromised data includes internal financial reports, customer support chat logs, and strategic documents that clients had used to customize their AI assistants. CognitoAI has since patched the vulnerability and is working with cybersecurity firms to investigate the full scope of the incident. The breach highlights the immense risk associated with concentrating sensitive corporate data for AI training and the need for robust supply chain security for AI/ML development pipelines. The company's stock fell over 30% in after-hours trading following the announcement.