Overview
Severity: CRITICAL | Affected: SynthAI | Category: breach
Emerging AI leader SynthAI disclosed a critical security breach that occurred over the last month, resulting in the exfiltration of sensitive corporate and user data. Threat actors exploited a zero-day vulnerability in a third-party data-processing library used in SynthAI's MLOps pipeline. The breach exposed the full model weights for an unreleased version of their flagship LLM, 'Nexus-5', along with an estimated 20 terabytes of user prompt and response data from the last quarter. Security analysts fear the leaked model weights could be used by competitors or malicious actors to create unsanctioned derivatives or find new exploits. The user data leak raises significant privacy concerns, as it includes potentially sensitive personal and business information. SynthAI has since patched the vulnerability, engaged a leading cybersecurity firm for forensics, and begun notifying the millions of affected users. The incident highlights the growing threat of supply-chain attacks targeting AI companies and their valuable intellectual property.