A hacker broke into Suno's systems and walked out with source code that reportedly documents how the AI music startup built its model on millions of scraped songs.
Suno confirmed the breach occurred in November and said no sensitive personal information was compromised — the company's preferred framing. What the intruder apparently did access was internal code that, according to reports, details the data-collection pipeline Suno used to train its generative music model. The company has not publicly disputed that characterization of what the stolen code contains.
That matters because Suno is already a defendant in copyright litigation brought by major record labels, who argue the startup trained on their catalogs without licenses or payment. Source code that spells out how a company scraped millions of songs is exactly the kind of evidence that could reshape discovery in that case — or settle the central factual dispute before a court even has to.
Suno joins a growing list of AI companies whose training practices became public not through disclosure, but through a breach or a lawsuit. The lesson so far: the less transparent a company is about what it trained on, the more interesting a hack of its codebase tends to be.