Overview
Severity: CRITICAL | Affected: SynthWeaver AI | Category: breach
Leading AI firm SynthWeaver AI disclosed a severe security breach that occurred in late February. Attackers leveraged a sophisticated spear-phishing campaign to gain an initial foothold, eventually compromising a cloud infrastructure engineer's credentials. This access allowed them to exfiltrate the proprietary model weights for SynthWeaver's upcoming 'Phoenix-2' large language model. Furthermore, the breach exposed a production database containing API logs for over 50,000 enterprise customers, including user prompts and personally identifiable information (PII). The company has since invalidated the compromised credentials and is working with cybersecurity experts to assess the full impact. The incident highlights the growing threat of intellectual property theft targeting AI companies and the critical need for robust multi-layered security controls around model development and data storage environments.