I’m a cybersecurity professional, here’s why I’m preparing for an AI data breach
Today's threat of a third-party data vendor breach
TechRadar Opinion. By Mike Kosak, published 15 March 2026
Recently, OpenAI acknowledged a security breach at a third-party data analytics vendor that led to the exposure of some of its API users’ personal information, including email addresses, names, and browser details.
The incident on its own underscores the continuing issues surrounding supply chain targeting and the risks of third-party data exposure, but beyond that, it serves as a potential shot across the bow for the cybersecurity community and the broader public in general.
Mike Kosak
Director of Threat Intelligence at LastPass.
Treasure trove of data
AI companies are a treasure trove of data. Not just the data the models are trained on or even the intellectual property involved in the actual technology: AI can be viewed as akin to Cloud Service Providers (CSPs), as repositories for a massive amount and variety of customer-provided data.
As we saw in the late 2010s, nation-states and other threat actors increased their targeting of CSPs to maximize their return on investment, and it is a matter of time until we see a major breach of one of the AI companies and the accompanying exposure of personal and proprietary data.
The data is too attractive, and threat actors are too capable.
This isn’t to take anything away from the security programs at these companies. On the contrary, there is no doubt that, particularly among the most advanced firms that would draw the biggest interest among threat actors, the security programs are world-class and incredibly well-resourced and operated. But it’s the classic issue: defenders need to be right all the time, and attackers only need to be right once.
Secure by design
To be clear, this isn’t even taking into consideration the recent security issues identified within Moltbook after it was rapidly adopted in the last few weeks, including major vulnerabilities independently discovered by both Wiz, as captured in their excellent blog post, and Jameson O’Reilly, which were highlighted by 404 Media.