Overview
Severity: CRITICAL | Affected: NexusAI | Category: breach
NexusAI, a leading provider of enterprise-grade language models, confirmed a critical security breach after a misconfigured cloud storage bucket exposed internal service credentials. Threat actors discovered the public bucket containing developer access keys, which they used to gain unauthorized access to NexusAI's core infrastructure. The breach resulted in the exfiltration of over 50 terabytes of data, including proprietary datasets used for training their next-generation 'Nexus-5' model and a significant volume of customer-specific fine-tuning data. The company has since revoked all exposed credentials, secured the storage bucket, and notified affected customers. The incident highlights the severe risks of cloud misconfigurations in AI development pipelines, where vast and sensitive datasets are often concentrated. Independent security researchers are now analyzing fragments of the leaked data that have appeared on dark web forums.