Overview
Severity: CRITICAL | Affected: Nexus AI | Category: breach
Nexus AI, a leading provider of enterprise AI solutions, confirmed a major security breach that resulted in the exfiltration of the weights of several proprietary large language models and a database containing over 15 million user records. The attackers, identified as the 'GhostNet' syndicate, exploited a zero-day vulnerability in a third-party MLOps platform used by Nexus AI for model training and deployment. The exposed data includes user prompts, fine-tuning datasets, and API keys. The leak of the model weights is particularly damaging, as it could enable reverse-engineering of the models' architecture and training data, posing a significant intellectual property and security risk. Nexus AI has since patched the vulnerability and is working with law enforcement.