Overview
Severity: CRITICAL | Affected: NexusAI | Category: breach
NexusAI, a leading developer of foundational models, confirmed today it suffered a sophisticated data breach. Attackers exploited a zero-day vulnerability in a third-party data processing library used in their MLOps pipeline, gaining access to critical production systems. The breach resulted in the exfiltration of over 500GB of sensitive data, including pre-trained weights for their upcoming flagship model 'Nexus-5', proprietary training datasets, and millions of user conversation logs from their enterprise API customers. The company has notified affected customers and is working with cybersecurity firms to investigate the incident. The exposure of proprietary model weights represents a significant intellectual property loss and a competitive blow, while the leak of user data raises severe privacy concerns. Security analysts believe the attackers may have been a state-sponsored group aiming to steal advanced AI technology.