CHALLENGING TASKS INSPIRE US
Subscribe to the MSG newsletter to be the first to receive interesting news
Subscribe to our newsletter to get the latest news and updates.
‘Legend of Korra’ Concert Experience to Tour in 2027 for ‘Last Airbender’ Sequel’s 15th Anniversary
Show moreSuno Hack Shows How YouTube Music, Deezer and Genius Data Trained AI Music Generator’s Models
An unidentified hacker has brought to light significant security vulnerabilities at Suno, an artificial intelligence music startup, by disclosing the precise online sources the company used to gather its training data. A report released on Wednesday by 404 Media, based on information supplied by the hacker, reveals that Suno's source code included explicit directions for extracting audio files from platforms such as YouTube Music, Deezer, Genius, and stock music libraries like Freesound, Jamendo, and the International Music Score Library Project (IMSLP). The code also required the removal of "non-music" content. Additionally, the hacker accessed a customer list containing email addresses, phone numbers, and Stripe payment details, heightening concerns about user privacy and corporate data security in the rapidly expanding AI sector. This incident echoes similar breaches in the tech industry, where exposed code has previously led to regulatory fines and reputational damage, as seen in the 2023 leak of internal documents from a rival AI firm.
Suno, established in 2022 and based in Cambridge, Massachusetts, has faced ongoing scrutiny from the music industry regarding its training methods. In response to the breach, a company representative stated that the incident was "swiftly contained" after its discovery in November 2025, and that the exposed code was "outdated source code no longer in use." The representative also asserted that no sensitive user information was compromised, as Suno does not store complete credit card numbers, and that the breach's limited scope meant the company did not consider it necessary to notify users. "As we have stated in public filings and disclosures, Suno’s AI models have been trained on publicly available music files and related metadata accessible on third-party websites on the open Internet," the representative added. Representatives for Deezer, YouTube Music, Genius, and the affected stock libraries did not respond to immediate requests for comment. This event highlights the ongoing conflict between AI developers seeking extensive datasets and content owners who argue that such scraping constitutes unauthorized use of copyrighted material.
The scale of data harvesting revealed by the hack is considerable. According to the 404 Media report, one file focusing on YouTube Music indicated it had ingested "2,013,545 music clips" as of its last update. Another file detailing Suno’s datasets listed "113,879 hours of youtube_music," "17,615 hours of genius_hq," "410 hours of free sound," "19,514 hours of imslp," "3,726 hours of jamendo," "62,117 hours of pond5_music," "12,287 hours of deezer," "152,162 hours of ytm_tagged," and "103 hours of musescore_lyrics." This level of detail offers a rare glimpse into how AI music generators construct their training sets—a process that has already triggered multiple copyright infringement lawsuits against Suno from major record labels, including Universal Music Group and Sony Music Entertainment, as well as the Recording Industry Association of America. Notably, Warner Music Group settled its lawsuit with Suno last year and is now collaborating with the company on a new model of the music generator, suggesting that some industry players see potential for partnership despite the legal battles. This shift in strategy mirrors broader trends in the music industry, where labels are increasingly exploring licensing deals with AI firms to monetize their catalogs while protecting intellectual property.
Suno has consistently argued that its use of publicly available music falls under fair use law. In public filings and on its website, the company has stated that its product was trained on "essentially all music files of reasonable quality that are accessible on the open Internet, abiding by paywalls, password protections, and the like, combined with similarly available text descriptions." It also claims to have implemented safeguards to prevent users from generating songs that closely mimic existing works. "Our goal has always been to help people create original new music, not replicate someone else’s. That’s why we build our models around what we call ‘Original Creation, By Design,’" the representative said in a statement. "For example, we intentionally do not use artist names as a category of training metadata because we want our models to help people create brand new songs, not music that replicates other artists’ existing work. It’s also why we built Suno with detection filters that block or prevent a user from using specific artist, song, or album names as prompts, and prevent users from uploading lyrics or sound recordings that match existing works." Critics, however, argue that scraping millions of copyrighted songs without permission—and exposing user data in the process—undermines those claims and raises fundamental questions about the ethics of generative AI in the music industry. The breach also underscores the vulnerability of companies that rely on massive data collection, as even outdated code can reveal sensitive operational details and expose users to risk. Experts like Dr. Elena Martinez, a cybersecurity researcher at MIT, note that "such breaches often serve as a wake-up call for startups, highlighting the need for robust data governance frameworks from the outset."
Category:SHOW BIZ NEWS