Overview
Severity: CRITICAL | Affected: NexusAI | Category: breach
NexusAI, a leader in generative AI development, confirmed today a catastrophic security breach that occurred in late January 2025. Attackers, attributed to a state-sponsored APT group, utilized a sophisticated spear-phishing campaign targeting senior machine learning engineers. This granted them access to internal data repositories containing terabytes of proprietary, curated training data for NexusAI's upcoming 'Odyssey' model. The exfiltrated data includes not only sensitive corporate information and model weights but also vast amounts of scraped personal data that had not yet been fully anonymized, creating a significant privacy risk. Furthermore, internal documents detailing the novel model architecture and training methodologies were stolen, compromising years of research and giving competitors a direct look into their core intellectual property. The company has notified regulatory bodies and is working with cybersecurity firms to assess the full impact, which is expected to be financially and reputationally severe. The incident highlights the growing threat of targeting AI infrastructure as a new vector for corporate espionage and data theft.