Overview
Severity: CRITICAL | Affected: Nexus AI | Category: breach
Nexus AI, a leading competitor to OpenAI and Anthropic, has confirmed a catastrophic data breach resulting from a misconfigured public cloud storage bucket. The breach exposed over 30 terabytes of sensitive data, including the full model weights for their unreleased flagship model, 'Cognito-5', and a significant portion of its pre-training dataset. Security researchers discovered the open bucket, which contained not only the proprietary model architecture but also internal documents and curated training data that included scraped personal information and copyrighted material. The leak poses a severe threat to Nexus AI's competitive advantage and intellectual property, as the model can now be replicated by anyone. It also raises significant privacy concerns due to the personally identifiable information (PII) present in the exposed training set. The incident highlights the critical importance of robust cloud security hygiene and data governance in the high-stakes AI development landscape. Nexus AI has since secured the bucket and is working with cybersecurity firms to assess the full impact.