Overview
Severity: CRITICAL | Affected: Nexus AI | Category: breach
Nexus AI, a leading generative AI firm, confirmed a significant security breach that resulted in the exfiltration of sensitive corporate data and user information. Attackers exploited a chain of vulnerabilities, beginning with a compromised developer credential obtained via a phishing campaign, which provided access to an improperly secured cloud storage environment. The breach exposed over 15 million user conversation logs, API keys, and, most critically, the full weight sets for two of their pre-production language models, 'Nexus-gamma' and 'Nexus-delta'. This incident highlights the immense value of AI model weights as a target for industrial espionage and raises serious concerns about the security posture of companies developing foundational models. The stolen models could be reverse-engineered or deployed by malicious actors, posing a significant threat to Nexus AI's competitive advantage and the broader AI ecosystem.