Overview
Severity: CRITICAL | Affected: SynthAI | Category: breach
SynthAI, a leading generative AI company, confirmed a critical security breach resulting in the exfiltration of proprietary model weights and millions of customer records. The incident, which occurred last week, is believed to have been orchestrated by a sophisticated threat actor who gained access via a targeted phishing campaign against a senior machine learning engineer. The compromised data includes the weights for two unreleased flagship models, codenamed 'Prometheus' and 'Janus,' representing a significant loss of intellectual property. Furthermore, a database containing over 50 million user prompts and their corresponding outputs was accessed, raising severe privacy concerns for customers, including several Fortune 500 companies. SynthAI has initiated an internal investigation with external cybersecurity experts and is notifying affected customers. The breach highlights the growing threat of industrial espionage targeting the AI sector.