AI & TechArtificial IntelligenceCybersecurityNewswireTechnology

Suno AI Trained on 2M+ YouTube Songs

▼ Summary

– A hacker leaked source code from Suno, an AI music tool, revealing it trained its model by scraping millions of songs and lyrics from the internet.
– The training data included over 2 million YouTube clips, tens of thousands of hours from Deezer, Genius, and Pond5, and about a million hours of speech from 420,000 podcasts.
– Suno routed its scraping through a proxy firm, Bright Data, to bypass YouTube’s defenses and targeted a cappella versions for clean vocals.
– Suno’s defense is fair use, claiming it trains on publicly available music files for original creation, but the RIAA alleges it unlawfully copied decades of popular recordings.
– The hacker claimed to have accessed customer emails, phone numbers, and Stripe records, but Suno downplayed the breach as limited and did not notify users.

For years, musicians have suspected that AI song generators were built on their work without permission. Now, a hacker has cracked the code and revealed exactly how it happened.

Leaked source code from Suno, one of the leading AI music tools, exposes the company’s training methods. According to data obtained by 404 Media from a hacker who breached the company, Suno trained its model by scraping millions of songs and lyrics from across the internet.

The scale is staggering. One file labeled “youtube_music” logged more than 2 million video clips. Other files document tens of thousands of hours pulled from Deezer, Genius, and the stock music library Pond5. In total, that adds up to decades of recorded music.

The code reveals a targeted approach. To extract clean vocals, Suno searched for a cappella versions of songs on YouTube. To bypass YouTube’s protections, the company routed its scraping through a proxy service called Bright Data. It also harvested roughly 420,000 podcasts, chasing about a million hours of speech.

None of this comes as a complete shock. In court, Suno has already admitted to training on “essentially all music files of reasonable quality” available on the open web. But the leak provides the gritty details behind that vague admission.

Record labels have long accused Suno of this practice. In a lawsuit, the RIAA claimed the company copied “decades worth of the world’s most popular sound recordings” by stream ripping from YouTube, sidestepping the platform’s copy protections.

Suno’s defense, like that of most AI firms, rests on fair use. The company argues it trains on “publicly available music files” to build models for “original creation.” It even claims it leaves artist names out of its training data to discourage copycat behavior.

Regarding the breach, Suno downplayed the incident. The company called the November 2025 hack “limited” and “quickly contained.” It said the exposed code was outdated and insisted no sensitive data leaked. Suno also stated it does not hold customers’ full card numbers and decided it did not need to notify users.

The hacker, who goes by ellie.191, tells a different story. They claim to have entered through the Shai-Hulud worm, grabbed an employee’s credentials, and pulled customer emails, phone numbers, and Stripe records. Some of those affected told 404 Media they never received a warning from Suno. The hacker’s motive? “I like to hack anything and everything.”

The timing of this leak is critical. Some record labels have already made peace, striking licensing deals with AI firms instead of fighting. Sony is still in court, with a pivotal fair-use ruling expected this summer.

Meanwhile, artists continue to argue that these deals do little for them. Suno’s chief executive, Mikey Shulman, once remarked that most people “don’t enjoy the majority of the time they spend making music.” The people whose music trained his model might have a different perspective.

(Source: The Next Web)

Topics

ai music training 98% data scraping 95% security breach 93% fair use defense 90% record label lawsuits 88% customer data exposure 85% youtube scraping 82% licensing deals 79% artist compensation 76% hacker motivation 73%