Overview
Severity: CRITICAL | Affected: Nexus AI | Category: breach
Nexus AI, a leading provider of enterprise-grade large language models, has confirmed a critical security breach that resulted in the exfiltration of sensitive fine-tuning datasets and production prompts from over 500 of its enterprise clients. The attackers gained access via a compromised CI/CD service account token that was inadvertently exposed in a public GitHub repository. This token granted extensive read access to a cloud storage bucket containing customer data pipelines. The exposed data includes proprietary source code, internal financial projections, and strategic business plans that were used to customize Nexus AI's models. The incident highlights the severe supply-chain risks associated with integrating AI systems into core business operations and the critical need for stringent secret management and infrastructure security. Nexus AI is currently working with affected customers and has initiated a full security audit.