A hacker broke into the systems of Suno, an AI music generator, and found evidence that the company scraped audio from YouTube, Deezer, and Genius to train its artificial intelligence models. The breach exposed source code that showed how Suno collected decades of music without permission.
How the Hack Exposed Suno's Data Collection
The hacker used an employee's login credentials to access Suno's internal source code. According to 404media.co, the code revealed that Suno was scraping songs from YouTube using proxies sold by a company called Bright Data. The scraping operation collected massive amounts of audio files to train Suno's AI model.
The source code showed that Suno did not just scrape YouTube. It also pulled data from Deezer, a music streaming service, and Genius, a lyrics database. This means the AI was trained on copyrighted music and lyrics without the permission of artists, record labels, or publishers.
What This Means for the AI Music Industry
This hack raises serious questions about how AI music generators build their training datasets. Many AI companies claim they use "publicly available" data, but scraping content from platforms like YouTube and Deezer often violates those platforms' terms of service. The use of proxies to hide the scraping activity suggests Suno knew it was doing something that might not be allowed.
According to a discussion on Reddit's technology community, the code also indicated that Suno was using Bright Data's proxy services specifically to avoid detection while scraping YouTube. This is a common technique used by companies that want to bypass rate limits and IP blocks set by platforms.
Our Take: Transparency Is Non-Negotiable
In our view, this hack exposes a fundamental problem with how AI companies operate. Suno, like many AI startups, has been secretive about where its training data comes from. Users and artists deserve to know if their work is being used to train commercial AI systems. Using proxies to scrape content without permission is not just a technical shortcut — it is a breach of trust.
To put it plainly: if an AI company cannot be honest about its data sources, how can we trust the technology it builds? The music industry has already been fighting against unauthorized use of copyrighted material for AI training. This hack gives those critics concrete evidence that their concerns are valid. Suno and other AI music generators need to come clean about their data practices, or regulators will step in to force transparency.