Overview
Severity: CRITICAL | Affected: SynthAI | Category: breach
AI solutions provider SynthAI announced a significant data breach today, exposing sensitive information from over five million user accounts. The breach was traced back to a misconfigured cloud storage bucket that was publicly accessible for several weeks. Exposed data includes private datasets uploaded by customers for fine-tuning proprietary models, as well as millions of historical user prompts and their corresponding model outputs. This incident raises critical concerns about intellectual property theft, as many businesses use SynthAI to build models on confidential corporate data. Security researchers warn that the exposed prompt histories could also be used to reverse-engineer user behavior or extract personally identifiable information. SynthAI has since secured the bucket and is currently notifying all affected customers. The company has engaged a third-party cybersecurity firm to conduct a full audit of its cloud infrastructure and security policies to prevent future occurrences. The incident underscores the critical importance of robust cloud security posture management in the AI industry.