Overview
Severity: CRITICAL | Affected: NexusAI | Category: breach
NexusAI, a leading developer of foundational AI models, confirmed a significant security breach that occurred in late February 2025. Attackers, believed to be state-sponsored, gained access to the company's core MLOps environment by compromising a third-party developer tool. The breach resulted in the exfiltration of the full model weights for their flagship 'Nexus-4' language model, an act of major intellectual property theft. Furthermore, a database containing over 50 million customer prompts and their corresponding outputs from the last quarter was also compromised. This dual-pronged attack not only exposes NexusAI's core technology to replication and analysis but also represents a severe privacy violation for its enterprise customers. The company has since invalidated all exposed API keys and is working with cybersecurity firms to investigate the full scope of the incident.