Overview
Severity: CRITICAL | Affected: Nexus AI | Category: incident
Nexus AI revealed a sophisticated supply chain attack targeting its flagship 'Aethel' large language model. Attackers, believed to be state-sponsored, gained access to the company's data curation pipeline over several weeks. Instead of exfiltrating the model weights, the threat actor subtly manipulated a small fraction of the pre-training dataset with biased and factually incorrect information related to specific geopolitical topics. The poisoning was designed to be dormant and only manifest when the model was prompted about sensitive international relations, subtly promoting a specific political narrative. The incident was detected by Nexus AI's internal red-teaming unit after noticing anomalous outputs during routine safety evaluations. The company is now undertaking a costly retraining process and has warned customers of potential untrustworthy outputs from models trained during the compromise window. The attack highlights the growing threat of data poisoning as a form of information warfare.