Overview
Severity: CRITICAL | Affected: NexusAI | Category: breach
Cloud-native AI provider NexusAI has disclosed a major security breach resulting from a misconfigured cloud storage bucket. The exposed data includes over 10 million user-submitted prompts from its flagship 'NexusCreate' image generation service, some of which contained personal information. More critically, the breach also exposed several terabytes of proprietary, curated training datasets used for their specialized enterprise models, potentially revealing trade secrets and unique data sourcing methods. The incident was discovered by a security researcher who found the bucket publicly accessible with no authentication. NexusAI has since secured the bucket and is notifying affected users. The breach highlights the persistent risks of cloud misconfigurations in MLOps pipelines and the high value of curated training data as a target for industrial espionage.