Overview
Severity: CRITICAL | Affected: Nexus AI | Category: breach
Nexus AI, a leading developer of foundational models, has confirmed a significant security breach that resulted in the exfiltration of proprietary model weights and terabytes of curated training data. The incident, which occurred last week, was traced back to a compromised third-party data labeling tool integrated into their MLOps pipeline. Attackers exploited a zero-day vulnerability in the tool to gain access to cloud storage credentials, allowing them to access and copy sensitive assets for their upcoming 'Nexus-5' model. This breach highlights the growing threat of supply chain attacks targeting the AI development lifecycle. Nexus AI has since patched the vulnerability, rotated all credentials, and is working with law enforcement and cybersecurity firms to investigate the full extent of the damage. The incident raises critical concerns about intellectual property theft and the potential for malicious actors to replicate or fine-tune state-of-the-art models.