Overview
Severity: CRITICAL | Affected: NexusAI | Category: breach
NexusAI, a prominent provider of AI-driven developer tools, announced a major security breach affecting its cloud infrastructure. Attackers exploited a zero-day vulnerability in a third-party data visualization library to gain unauthorized access to production databases. The breach resulted in the exfiltration of a significant volume of sensitive data, including millions of user API keys, private code repositories, and user prompts. Most alarmingly, the threat actors successfully stole the proprietary model weights for NexusAI's upcoming 'Codex-V' language model. The company has since invalidated all API keys and is urging users to rotate their credentials immediately. This incident highlights the growing threat of supply chain attacks targeting the AI industry and the immense value of proprietary model IP.