LAST UPDATED Loading...

Darsa AI Allegedly Breached With Source Code, Credentials, and Internal Files Exposed

A forum user claims to have stolen roughly 90 GB of source code, cloud credentials, databases, and internal communications from AI company Darsa AI.
Cropped screenshot of a cybercrime forum post alleging a breach of Darsa AI. The visible portion summarizes claims that approximately 90 to 100 GB of source code, databases, credentials, employee information, and internal documents were stolen. The screenshot shows only the beginning of the forum post and not the complete listing.
Cropped screenshot showing the opening section of the alleged Darsa AI breach listing. The complete forum post, which extends well beyond the portion shown here, contains additional claims about stolen databases, source code, credentials, internal emails, cloud infrastructure, and other company data.

A cybercrime forum user is claiming to have breached Darsa AI, an artificial intelligence company that develops workplace safety and security solutions, alleging the theft of roughly 90 GB to 100 GB of internal data including source code, cloud credentials, employee information, databases, and confidential communications. The claims have not been independently verified by BreachNews.

According to the forum post, the alleged intrusion lasted approximately one week and resulted in access to Darsa AI’s Microsoft 365 environment, OneDrive storage, internal databases, development systems, and cloud infrastructure. The post claims the attackers ultimately published a large archive after exfiltrating what they describe as nearly the company’s entire internal environment.

Source code, databases, and credentials allegedly exposed

The forum listing claims the leaked archive contains AI model source code, computer vision applications, PostgreSQL database backups, employee records, customer information, RSA encryption keys, API credentials, cloud access tokens, internal documentation, and more than 70,000 emails.

According to the post, the archive also includes over 100 exported database tables, internal spreadsheets, HR documents, employee identification records, workplace videos, images, screenshots, audio files reportedly used for AI training, backup databases, and numerous documents stored across Microsoft OneDrive.

The alleged dataset reportedly contains credentials for Microsoft 365 services, AWS resources, databases, and internal enterprise applications recovered from emails, source code, and cloud storage. BreachNews is not publishing or verifying any credentials or other sensitive material referenced in the listing.

Forum post blames weak security practices

Beyond claiming responsibility for the breach, the forum user alleges Darsa AI routinely stored passwords, API keys, encryption material, and other sensitive credentials in plain text across Microsoft Outlook, Microsoft Teams, OneDrive, and internal source code repositories.

The post further claims password reuse across multiple internal systems enabled the attackers to expand access after the initial compromise. It also alleges that sensitive development assets, cloud credentials, and confidential documents remained accessible for several years before the alleged intrusion. BreachNews has not independently verified these assertions.

The listing additionally claims the attackers accessed externally facing applications used for vehicle and people detection before collecting source code, databases, cloud configuration files, and internal communications. However, the forum post provides no independently verifiable technical evidence demonstrating how the alleged compromise occurred.

No public statement from Darsa AI

At the time of publication, Darsa AI had not issued any public statement regarding the alleged breach.

If authentic, exposure of source code, cloud credentials, encryption keys, internal emails, and enterprise authentication material could create risks extending beyond the loss of proprietary information. Such data may provide attackers with insight into internal infrastructure, development workflows, cloud deployments, and customer environments if any credentials remain active.

AI developers remain attractive targets

Artificial intelligence companies continue to attract cybercriminals seeking valuable intellectual property, cloud infrastructure, source code, and enterprise credentials. Organizations developing AI platforms often manage large cloud-native environments containing proprietary models, customer integrations, and sensitive development assets that can become valuable targets for extortion or data theft.

Recent BreachNews coverage includes the alleged AstraZeneca source code and cloud credentials leak, the alleged Aegis Defense Solutions breach involving personnel records, and the confirmed Trellix source code repository breach.

BreachNews will update this article if Darsa AI issues a public statement or if additional evidence emerges supporting or refuting the claims.

Picture of m00s3c

m00s3c

Moose (@m00s3c) is the author of BreachNews, focusing on data breach intelligence, dark web monitoring, and threat analysis. His work involves analyzing breach claims, reviewing leaked datasets, and tracking threat actor activity to provide clear, factual reporting.

Latest News

Newsletter signup

Get the latest data breach and security news.

Please wait...

Thank you for signing up!

BREACHNEWS.COM/SUPPORT/

Support Independent News.

Help support breach monitoring, investigations, infrastructure, and reporting.

Support the site
INTEL.BREACHNEWS.COM

Live Cyber
Threat Map

Explore live cyber activity, recent breach reports, KEV alerts, and public threat feeds from a single interactive dashboard.

Launch Threat Map