Realtime AI News
Suno Hack Reveals AI Music Generator Scraped YouTube Audio for Training
A hacker gained access to Suno's source code through a supply chain attack, revealing evidence that the AI music generator scraped decades of audio from YouTube Music, Deezer, and other platforms. The breach exposes Suno's training data practices at a time when the company faces copyright lawsuits from major record labels.

AI music generation company Suno was hacked, with the attacker obtaining internal source code that revealed how the company sourced audio data for training its AI models. According to a TechCrunch report, the hacker used a supply chain attack in November 2025 to access an employee's credentials, then accessed source code showing how Suno allegedly scraped decades of audio from YouTube Music, Deezer, Genius, stock music libraries, and podcast RSS feeds.
Suno has previously maintained that it trains its AI on publicly available music files and argues it can use copyrighted material under the fair use doctrine. However, the leaked evidence suggests Suno may have deliberately circumvented YouTube's protections against data scraping, potentially violating the Digital Millennium Copyright Act (DMCA) and YouTube's terms of service.
The hacker also accessed customer data, including partial credit card numbers stored in Stripe. Suno did not notify customers about the November 2025 breach and later described it as a limited security incident that was quickly contained.
This revelation comes at a critical time as Suno faces active lawsuits from major record labels accusing the company of using copyrighted music without permission for AI training. The leaked evidence could strengthen the labels' case and weaken Suno's fair use defense.
Notably, competitor Udio has also been accused of scraping YouTube data, and even Google, YouTube's parent company, faces similar allegations. This suggests the AI music industry's data sourcing practices extend well beyond a single company.
For the broader industry, the Suno hack highlights the risks of operating in the gray area of AI training data. Security vulnerabilities can expose practices that companies prefer to keep confidential, potentially reshaping legal and regulatory landscapes.
Going forward, attention will focus on whether this breach accelerates the record labels' litigation, prompts regulatory scrutiny of AI training data sources, and forces Suno to reconsider its data acquisition strategy.
Why it matters
The Suno breach exposes its YouTube scraping practices at a critical juncture in copyright litigation, potentially shifting the legal landscape for AI music training data.
Nearby Updates
All07/16, 01:00
Whatnot Acquires AI Startup Shaped to Power Real-Time Live Shopping Recommendations
Livestream shopping platform Whatnot has acquired Shaped, a machine learning company specializing in real-time recommendations and search. The deal aims to solve live commerce's toughest challenge: helping shoppers find products as inventory, auctions, and buyer demand change by the second.
07/16, 01:09
Meet GPT Red: an LLM super hacker OpenAI built to make its models safer
Meet GPT Red: an LLM super hacker OpenAI built to make its models safer. OpenAI has built an LLM super hacker called GPT Red that it uses as a sparring partner to help its other models boost their defenses against cyberattacks. Last week the company released the latest version of its flagship LLM, GPT 5.6. OpenAI says that training...
07/16, 01:27
Model Routing Is Simple. Until It Isn’t.
Model Routing Is Simple. Until It Isn’t..
07/16, 02:04
Thinking Machines amps up its bet against one size fits all AI with its first open model, Inkling
Thinking Machines amps up its bet against one size fits all AI with its first open model, Inkling. It's the company's first public proof point after a year and a half spent building AI infrastructure largely out of public view.