Overview
Severity: CRITICAL | Affected: SynthCore AI | Category: breach
SynthCore AI, a leading MLOps platform, has disclosed a critical security breach affecting thousands of its customers. The incident, which occurred in late June, was traced back to a sophisticated supply chain attack. Threat actors successfully poisoned several popular machine learning datasets hosted on a third-party repository that SynthCore's platform integrates with. By embedding malicious payloads within benign-looking data samples, the attackers were able to achieve remote code execution during the model training process on SynthCore's infrastructure. This allowed for the exfiltration of sensitive training data, proprietary model weights, and API keys from a significant number of customer environments. The attack highlights the growing threat of data poisoning in the AI supply chain and the inherent trust placed in public datasets. SynthCore has released patches and is working with affected customers on remediation.