Suno's Source Code Leaks and Reveals Exactly Where Its Training Songs Came From

01The music didn't leak from Suno — Suno leaked, and its source code showed where the songs came from

Suno's training data left the company the way its secrets were always going to: through a breach, not a disclosure. Source code obtained in a hacking incident exposed how the AI music generator built its catalog, 404 Media reported. The code describes scraping decades of music and podcasts from the open internet to feed the model.

The scraped material traces to named platforms. According to 404 Media, the code pulled songs and lyrics from YouTube Music, Deezer, and Genius. Those are three distinct pipelines: a video-and-audio giant, a streaming service, and a lyrics database whose text Genius has previously accused others of lifting. Millions of songs and lyrics moved through them, The Verge reported, summarizing the 404 Media findings.

What the breach exposed matters because Suno chose not to. The company has declined to say what sits inside its training datasets or how it acquired them, The Verge noted. That silence held through licensing talks and litigation. The code did what the company would not, listing the sources in plain terms an outsider could read.

The podcast detail widens the scope past music. Scraping "decades worth of music and podcasts," per 404 Media's description, means spoken-word audio and its hosts entered the same pipeline as recorded songs. Podcast catalogs carry their own rights holders, and few of them expected to be training material for a generator that outputs new audio on demand.

For the platforms named, the code reads as evidence. YouTube Music, Deezer, and Genius each set terms that restrict bulk extraction, and each now has a documented account of Suno's collection method that did not come from Suno. Rights holders pressing claims against AI music tools have generally worked from inference about training data. Here the description sits in the company's own code.

Suno has not confirmed the code's authenticity or addressed the specific platforms. The breach itself remains the source of everything now public about the company's data practices. Whatever Suno says next, it responds to a record it did not choose to release.

YouTube Music, Deezer, Genius named as scrape targets in Suno's own coderights holders gain documented method, not inferred training datapodcast hosts pulled in alongside recorded musicthe disclosure came from a breach, not litigation discovery

02Prompt injection graduated from lab demo to a working data heist, and vendors are answering with AIs that attack themselves

A Claude conversation that looks routine can end with a stranger holding your name, your employer, and the answers to your security questions. That is the claim in a writeup titled "The Memory Heist," which documents an attack on claude.ai's consumer assistant, not Claude Code. The author, Ayush Paul, reports that a single crafted exchange coaxed Claude into exfiltrating his real profile to an attacker, with no visible sign anything had happened.

The mechanism is the memory system itself. Claude runs a daily summarization pass that distills recent chats into a few paragraphs and injects them into every new conversation. It also exposes a retrieval tool, conversation_search, that can pull from full history on demand. Paul argues those features turn an assistant into something denser than a password manager: a high-fidelity reconstruction of a person, built from what they confide about work, relationships, and secrets. His post says such a profile could be used for blackmail, impersonation, or bypassing security questions.

That is the threat side. The defense side is moving in a different direction. OpenAI has described GPT-Red, an automated red-teaming system that uses self-play to have models attack and defend against each other, and says it targets prompt injection robustness specifically. According to MIT Technology Review, OpenAI used GPT-Red as a sparring partner for GPT-5.6, released last week, and claims training against it produced the company's most robust model to date.

The pattern connecting these two items is a mismatch of speed. Hand-patched defenses are being outrun by attacks that work on shipping products, so vendors are automating the offense to keep pace. The exposure lands hardest on developers wiring memory and tools into agents that ingest untrusted input: a poisoned document or webpage becomes an instruction the model may follow. Before connecting any such source, the practical step is to treat retrieved content as attacker-controlled and gate what memory and tools an injected prompt can reach.

Any AI app with memory plus tool access can leak user PII silentlydevelopers must sandbox untrusted input before connecting it to memory or toolssecurity-question answers stored in chat history now bypass account recoveryvendors shifting from manual patching to automated adversarial testing as attacks hit production.

03xAI Walks Into Court as Plaintiff; Meta Walks In as Defendant, Both Because of AI

xAI filed suit against a South Carolina man named Terry Wayne Harwood, alleging he used its Grok chatbot to produce child sexual abuse material. The company says Harwood "knowingly and intentionally used Grok to circumvent safeguards, alter nonconsensual images, and generate and distribute CSAM," breaching its terms of service. The complaint, reported earlier by Reuters, casts xAI as the injured party. The system generated the images; the company's legal theory places the fault entirely on the person who typed the prompts.

That posture inverts the one Meta now faces. A group of 26 former Meta employees is suing the company, alleging it used AI tools to unfairly single out workers on leave for layoffs. According to the complaint, also reported by Reuters, Meta decided who to cut using performance data gathered by what the plaintiffs call a "constellation" of internal AI systems. Here the software is not the weapon a user turned against a company. It is the mechanism a company allegedly used against its own staff, and the plaintiffs want a human decision-maker held to account for it.

Two lawsuits, two opposite uses of the same argument. xAI treats Grok's output as the user's act and sues to enforce that line. The Meta plaintiffs treat the company's AI-driven selections as management's act and sue to erase the line Meta allegedly drew between itself and the tool. One side wants the human blamed for what the model made. The other wants the company blamed for what the model decided.

Neither case has been tested in court. xAI must show Harwood defeated its safeguards deliberately rather than exploiting gaps the company left open. The Meta plaintiffs must show the AI tools produced biased outcomes against workers on leave, and that the company knew. Both turn on the same unsettled question of where an automated system's output stops being the software's and starts being a person's.

CSAM liability may hinge on whether users or model makers own generated outputlaid-off workers now suing over AI performance scoring, not just human managerscourts, not vendors, will set who owns an AI system's decisions
04

Apple cleared to launch Apple Intelligence in China using Alibaba's Qwen Apple secured Chinese regulatory approval to ship its AI features in the country, powered by Alibaba's Qwen models rather than its own. The deal ends a delay that kept Apple Intelligence off Chinese iPhones. techcrunch.com

05

Thinking Machines released its first open model, Inkling Thinking Machines published Inkling, its first public release after roughly 18 months building infrastructure privately. The company frames the model around task-specific tuning rather than one general-purpose system. techcrunch.com

06

Anthropic and Blackstone back Ode to embed engineers inside enterprises Ode launched with Anthropic and Blackstone funding to place forward-deployed engineers inside companies adopting AI. The bet treats implementation and integration, not model access, as the constraint on enterprise deployment. techcrunch.com

07

OpenAI researcher Miles Wang in talks to raise for a $2B drug discovery startup Miles Wang, an OpenAI researcher, is discussing funding for an AI drug discovery startup at a roughly $2 billion valuation. The talks are early and target applying models to life sciences research. techcrunch.com

08

Indian coding startup Emergent hit unicorn status with a $130M Series C Emergent raised $130 million just over a year after launch, reaching a $120 million annualized revenue run rate. The AI coding startup reports more than 200,000 paying customers. techcrunch.com

09

Microsoft patched 570 vulnerabilities in one Patch Tuesday, crediting AI Microsoft fixed 570 security flaws in its monthly release, a company record, attributing many discoveries to AI-assisted analysis. The patches span its product line. techcrunch.com

10

Vint Cerf is drafting a standard to identify AI agents online Vint Cerf, co-designer of TCP/IP, is developing a protocol to identify autonomous AI agents operating on the public internet. The work aims to let services distinguish agents from human traffic. techcrunch.com

11

Rime raised $24M Series A for enterprise voice agents Rime closed a $24 million Series A to handle customer phone calls for enterprises. The company says it now processes over 100 million calls per month across its clients. techcrunch.com

12

Whatnot acquired Shaped for real-time shopping recommendations Livestream shopping platform Whatnot bought Shaped, a machine learning startup focused on real-time recommendation and search. Whatnot plans to use it for personalization as it adds product categories. techcrunch.com

13

OpenAI shipped a $230 light-up keyboard for its Codex coding app OpenAI released a $230 keyboard designed to pair with Codex, its agentic coding tool. The launch comes while OpenAI defends against Apple's trade secret theft lawsuit over hardware. techcrunch.com

14

Anthropic committed $10M to Canadian AI research Anthropic pledged $10 million to fund AI research in Canada. The commitment supports academic and research institutions in the country. anthropic.com