Skip to content

Data & Model Leaks

Data and model leaks are the exfiltration scenarios Common Defense's response is built for: once customer data, source code, or model weights get out, each hour widens the exposure. We identify what left, close the path, preserve the evidence, and harden against a repeat.

Malicious open-source packages

95K368K704K1.23M2022202320242025
Sonatype State of the Software Supply Chain, cumulative since 2019

Leaks hit AI and tech companies hardest, where the exposed asset might be model weights or source code rather than a spreadsheet, and the path out can run through a tool your own team trusts. In March 2026, a compromised version of the open-source LiteLLM tool exfiltrated credentials from Mercor, an AI company with roughly 5 million experts on its platform. Common Defense responds to these scenarios, tracing the leak, containing it, and hardening against a repeat.

Scope comes first

The urgent question is narrow: what left, through which path, and who can still use it. A customer-data leak, a source-code leak, and a model-weight leak each carry a different blast radius. We establish which one you’re facing, the channel it left through, and whether that access can still be abused. That gives your team a defensible scope before public statements and legal decisions harden around guesses.

Where leaks come from

The path out usually runs outside the application: an over-permissioned cloud bucket, a forgotten model artifact, a contractor account, a compromised dependency, or an API key left in a notebook. For AI teams the exposure reaches past regulated data, into model weights, evaluation sets, prompt logs, and training pipelines. Generic response stops short here. Closing the exposed bucket does little if the same token still reaches the model registry, so we trace the leak back to the operating surface that enabled it.

Contain, then close the class

Containment starts with cutting access without destroying evidence. We preserve the logs, snapshots, and identity history needed to reconstruct the path, then shut the route the data took. Once it’s closed, you get the account of record customers and regulators need: what was exposed, what wasn’t, and how it happened. Then we harden the operating surface that allowed it, so the fix closes the whole class of exposure, not just this incident.

How we help

Find what left, and how

We establish the scope, channel, and destination of the exfiltration so you can act on facts.

Close the path

We shut down the route the data took and the access that enabled it.

Preserve evidence & reassure

We keep the record you'll need for customers, regulators, and stakeholders, and give them a credible account.

Harden against a repeat

Once the leak is closed, we tighten the classification, access, and egress controls that let it out, so the same path can't open twice.

Close every gap before it becomes an incident.

Get Protected