Overview
Severity: CRITICAL | Affected: NexusAI | Category: breach
NexusAI, a leading AI research lab, confirmed a significant data breach exposing terabytes of its proprietary training data used for the upcoming Aura-5 large language model. The breach was traced back to a misconfigured cloud storage bucket that was publicly accessible for several weeks. The exposed dataset reportedly contains a mix of scraped web data, licensed content, and synthesized data, with early analysis revealing improperly anonymized personally identifiable information (PII) from user interactions with previous models. Security researchers are concerned that malicious actors could use this data to perform model poisoning attacks, reverse-engineer model architecture, or exploit the exposed PII. The incident has triggered an internal investigation and has been reported to data protection authorities. NexusAI has delayed the release of Aura-5 indefinitely to assess the full impact on the model's integrity and safety.