Overview
Severity: CRITICAL | Affected: Nexus AI | Category: breach
Nexus AI, a leading provider of enterprise AI solutions, has confirmed a significant data breach affecting its cloud-based model fine-tuning service. The breach, which occurred in late January 2025, resulted from a misconfigured serverless function granting unauthorized access to a multi-tenant storage bucket. The attackers exfiltrated approximately 5 million proprietary fine-tuning datasets from over 1,200 enterprise customers, including sensitive business plans, internal code, and customer PII used for model training. The company disclosed that user prompts and model responses from the affected period were also compromised. Nexus AI is now working with cybersecurity firm Mandiant to investigate the incident and has notified all affected customers. The breach highlights the critical risk of insecure cloud infrastructure in AI supply chains and the immense value of training data as a target for corporate espionage.