Overview
Severity: CRITICAL | Affected: Nexus AI | Category: breach
Nexus AI, a leading provider of enterprise-grade language models, has confirmed a critical data breach that exposed over 15 million user prompts and a significant portion of its proprietary fine-tuning datasets. The breach was discovered after a threat actor listed the data for sale on a popular dark web forum. The investigation revealed that a misconfigured cloud storage bucket, left publicly accessible without authentication, was the point of entry. The exposed data includes raw user queries, model responses, personally identifiable information (PII) embedded in the prompts, and sensitive corporate data used by customers for model customization. The incident highlights the severe security risks associated with storing large volumes of AI training and interaction data, raising concerns about supply chain security for businesses relying on third-party AI services.