Overview
Severity: CRITICAL | Affected: SynthVoice Inc. | Category: breach
AI voice-cloning startup SynthVoice Inc. has disclosed a critical security breach affecting over five million users. Attackers exploited a vulnerability in an open-source MLOps orchestration tool used in the company's training pipeline. This allowed them to gain access to production databases containing user PII, email addresses, and, most critically, raw audio files and the resulting AI-generated voice models. The breach poses a severe threat, as the stolen biometric data could be used for sophisticated deepfake scams, identity theft, and unauthorized voice authentication bypasses. Security experts state the incident highlights the growing attack surface of the AI supply chain and the need for stricter security controls and permissions separation between development and production environments in MLOps workflows. The company is now working with law enforcement and has suspended new user registrations.