Cyber Incident Victim: Clarifai

Date: Nov 2017

Location: United States of America

Summary

An artificial intelligence startup involved in a contentious Pentagon drone surveillance project experienced a cybersecurity breach involving malware originating from Russia, potentially compromising sensitive code and cloud service credentials. The incident, initially described by the company's CEO as an untargeted bot affecting a research server without data access, was alleged in a lawsuit to have exposed military technology and prompted internal disputes over disclosure obligations. A former employee claimed executives delayed notifying defense officials and terminated her for advocating transparency, while internal reports indicated broader risks including attempted connections to US government networks. The breach raised concerns about the company's security practices amid its work adapting commercial AI for military imagery analysis.

Description

In early November 2017, Clarifai was notified by internet service provider Cogent that one of its research servers exhibited malicious activity, specifically attacking Indiana University's network. An internal incident report indicated the malware had originated from a computer in Russia and potentially compromised all company code and Amazon Web Services credentials storing customer data. CEO Matt Zeiler confirmed in November 7 chat logs that the malware attempted communications with systems worldwide, including a U.S. Department of Defense network information center. Clarifai's leadership initiated an internal investigation, with General Counsel Caroline McCaffery briefing marketing director Amy Liu about the breach in a private meeting held in a broom closet. During this meeting, McCaffery instructed Liu to assist with internal communications but allegedly resisted Liu's recommendation to immediately notify Pentagon officials, insisting on waiting until the investigation concluded. Later that day, McCaffery directed employees at a company-wide meeting not to document any details about the incident.

The security incident occurred while Clarifai was executing a $7 million subcontract through ECS Federal for Project Maven, a Pentagon initiative using AI to analyze drone surveillance imagery. Approximately 10 employees worked on this classified project in a segregated office space humorously labeled "chamber of secrets." Former employees reported that some team members weren't initially informed the technology was for military applications until government personnel visited their offices weeks into the contract. Following the breach, Liu was terminated days after adding a discussion about reporting the incident to government authorities to a meeting agenda with her manager. Clarifai's CEO later publicly characterized the event as an "untargeted bot" infection limited to a research server that didn't access data or code, contradicting the internal report's assessment of potential AWS credential exposure. The company stated it notified customers, including the Pentagon, only after completing an internal assessment and third-party audit. Liu's subsequent lawsuit alleged executives failed to promptly disclose the Russian-linked breach, potentially exposing military technology to adversaries. The incident exacerbated existing employee concerns about Clarifai's transparency and security practices during sensitive defense contracts.
