Overview
Severity: CRITICAL | Affected: QuantumLeap AI | Category: breach
Cloud AI provider QuantumLeap AI announced a significant security breach on June 15th, resulting in unauthorized access to and exfiltration of millions of user records. The compromised data includes user prompt histories, model responses, and, in some cases, proprietary fine-tuning datasets uploaded by enterprise customers. Attackers reportedly exploited a zero-day vulnerability in a third-party data visualization library used in the company's internal dashboards. They then escalated this initial access using a novel side-channel attack on the GPU clusters used for model inference, which allowed them to bypass data sandboxing measures. The incident highlights the growing threat of corporate espionage targeting valuable AI training data and intellectual property. QuantumLeap AI is working with cybersecurity firms and law enforcement and has notified affected customers. The full scope of the breach is still under investigation, but it is considered one of the most significant breaches at a major AI firm to date.