A cybercrime forum user is claiming to have breached Darsa AI, an artificial intelligence company that develops workplace safety and security solutions, alleging the theft of roughly 90 GB to 100 GB of internal data including source code, cloud credentials, employee information, databases, and confidential communications. The claims have not been independently verified by BreachNews.
According to the forum post, the alleged intrusion lasted approximately one week and resulted in access to Darsa AI’s Microsoft 365 environment, OneDrive storage, internal databases, development systems, and cloud infrastructure. The post claims the attackers ultimately published a large archive after exfiltrating what they describe as nearly the company’s entire internal environment.
Source code, databases, and credentials allegedly exposed
The forum listing claims the leaked archive contains AI model source code, computer vision applications, PostgreSQL database backups, employee records, customer information, RSA encryption keys, API credentials, cloud access tokens, internal documentation, and more than 70,000 emails.
According to the post, the archive also includes over 100 exported database tables, internal spreadsheets, HR documents, employee identification records, workplace videos, images, screenshots, audio files reportedly used for AI training, backup databases, and numerous documents stored across Microsoft OneDrive.
The alleged dataset reportedly contains credentials for Microsoft 365 services, AWS resources, databases, and internal enterprise applications recovered from emails, source code, and cloud storage. BreachNews is not publishing or verifying any credentials or other sensitive material referenced in the listing.
Forum post blames weak security practices
Beyond claiming responsibility for the breach, the forum user alleges Darsa AI routinely stored passwords, API keys, encryption material, and other sensitive credentials in plain text across Microsoft Outlook, Microsoft Teams, OneDrive, and internal source code repositories.
The post further claims password reuse across multiple internal systems enabled the attackers to expand access after the initial compromise. It also alleges that sensitive development assets, cloud credentials, and confidential documents remained accessible for several years before the alleged intrusion. BreachNews has not independently verified these assertions.
The listing additionally claims the attackers accessed externally facing applications used for vehicle and people detection before collecting source code, databases, cloud configuration files, and internal communications. However, the forum post provides no independently verifiable technical evidence demonstrating how the alleged compromise occurred.
No public statement from Darsa AI
At the time of publication, Darsa AI had not issued any public statement regarding the alleged breach.
If authentic, exposure of source code, cloud credentials, encryption keys, internal emails, and enterprise authentication material could create risks extending beyond the loss of proprietary information. Such data may provide attackers with insight into internal infrastructure, development workflows, cloud deployments, and customer environments if any credentials remain active.
AI developers remain attractive targets
Artificial intelligence companies continue to attract cybercriminals seeking valuable intellectual property, cloud infrastructure, source code, and enterprise credentials. Organizations developing AI platforms often manage large cloud-native environments containing proprietary models, customer integrations, and sensitive development assets that can become valuable targets for extortion or data theft.
Recent BreachNews coverage includes the alleged AstraZeneca source code and cloud credentials leak, the alleged Aegis Defense Solutions breach involving personnel records, and the confirmed Trellix source code repository breach.
BreachNews will update this article if Darsa AI issues a public statement or if additional evidence emerges supporting or refuting the claims.












