Overview
Severity: CRITICAL | Affected: NexusAI | Category: breach
NexusAI, a leading AI development firm, confirmed it suffered a significant data breach originating from a supply-chain attack on a third-party data annotation partner. The breach exposed a repository containing pre-release weights for its upcoming 'Nexus-5' model, a large subset of proprietary training data, and millions of user prompt-completion pairs from enterprise clients. Attackers leveraged compromised credentials at the vendor to access a shared cloud storage bucket. The incident highlights the growing threat of targeting the broader AI development lifecycle beyond deployed models. NexusAI is conducting a full-scale investigation and has notified affected customers. The leaked data, which has reportedly appeared on a dark web forum, could be used for model replication, creating targeted phishing attacks, and extracting sensitive corporate information, posing a critical risk to NexusAI and its clients.