Overview
Severity: CRITICAL | Affected: SynthAI | Category: breach
AI startup SynthAI has disclosed a major security breach where attackers exploited a vulnerability in their MLOps pipeline, gaining access to core infrastructure. The breach resulted in the exfiltration of proprietary model weights for their flagship generative video model, 'Kinetix-3,' along with sensitive customer data, including API keys and usage logs for several Fortune 500 clients. The threat actors, known as 'DataWeavers,' have posted a portion of the stolen data on a dark web forum, demanding a substantial ransom. This incident highlights the growing threat of targeting AI-specific assets like model weights, which are considered the new 'crown jewels' for AI companies. Security experts are analyzing the attack vectors, which appear to involve a sophisticated social engineering campaign targeting a lead ML engineer. The company has temporarily suspended its API services and is working with cybersecurity firms to mitigate the damage and notify affected customers.