Overview
Severity: CRITICAL | Affected: NexusAI | Category: breach
NexusAI, a leading provider of enterprise AI solutions, confirmed a massive data breach where attackers exploited a zero-day vulnerability in their internal MLOps platform. The breach exposed the proprietary model weights for their flagship language model, 'Nexus-Pro', along with several terabytes of sensitive, curated training data sourced from Fortune 500 clients. The threat actors, known as 'DataHydra', have reportedly listed the data for sale on dark web forums, demanding a multi-million dollar ransom. This incident highlights the catastrophic risk of insecure MLOps pipelines and the high value of proprietary AI assets. Security experts are concerned that the leaked model weights could be used to create undetectable deepfakes or launch sophisticated social engineering attacks, while the training data leak represents a major privacy violation for NexusAI's clients. The company's stock plummeted over 30% following the announcement.