Sources
Stay ahead of AI art
Get the week's top AI and AI-art stories delivered to your inbox — curated, concise, free.
Free. Unsubscribe any time.

Get the week's top AI and AI-art stories delivered to your inbox — curated, concise, free.
Free. Unsubscribe any time.

A hacking incident has cracked open one of AI music's biggest secrets: Suno built its model by scraping millions of songs and lyrics from YouTube Music, Deezer, and Genius — sources the company had never publicly disclosed.
According to TechCrunch, the attacker gained access using a Suno employee's credentials, then extracted source code that documented the scraping pipeline in detail. The code showed Suno pulling decades of audio — not just metadata or snippets, but full tracks and lyrics — from platforms that explicitly prohibit automated harvesting in their terms of service. 404 Media first reported the underlying data.
What makes this significant beyond the breach itself is what it confirms about industry practice. Suno has been among the most tight-lipped AI music companies about its training stack. While image-generation companies like Stability AI and Midjourney have faced public scrutiny — and lawsuits — over their use of scraped visual content, audio AI has largely escaped the same level of documentation. That changes now.
YouTube Music, Deezer, and Genius are not obscure sources. YouTube Music alone hosts hundreds of millions of tracks; Genius is the dominant repository of song lyrics on the web. Scraping at that scale, without licensing agreements, puts Suno in direct conflict with the platforms' terms and with the rights holders whose work sits on those platforms — labels, publishers, and independent artists alike.
Suno has previously faced a copyright lawsuit from major record labels including Universal Music Group, Sony Music, and Warner Music Group, filed in 2024. That suit alleged Suno copied recordings without permission. The newly exposed source code gives plaintiffs' lawyers something they rarely get in AI copyright cases: internal documentation of exactly where the training data came from and how it was collected.
The pattern is familiar to anyone tracking the image-generation space. The NYT's ongoing case against OpenAI has similarly centered on what internal evidence the company concealed about its training corpus. In Suno's case, the disclosure came not from litigation discovery but from a security failure.
For creators who use AI-generated music in video projects, social content, or as backing tracks for AI-art showcases, the legal picture just got murkier. If Suno's outputs are found to derive from unlicensed recordings, any commercial use of those outputs carries downstream risk — the same argument that has made some brands cautious about AI-generated imagery from tools with opaque training histories.
Practically, this is a reason to pay close attention to which AI audio platforms publish clear, licensed training data disclosures. Some competitors — including those that have pursued licensing deals with labels — are now positioned to market transparency as a feature. Suno's silence on its dataset, which looked like a standard industry posture before this week, now looks like a liability.
For AI-image creators, the Suno breach is a useful reminder that training data opacity is not unique to any one modality. The same questions worth asking about an image model — what was it trained on, and was it licensed — apply equally to the audio tools being layered into creative workflows. Platforms that can answer those questions clearly are increasingly the safer creative bet.