Suno’s leaked source code reveals massive scraping of Deezer, YouTube, and other music platforms

Suno’s leaked source code reveals massive scraping of Deezer, YouTube, and other music platforms

A supply-chain hack exposed internal logs showing the AI music startup scraped over 2 million clips from YouTube Music alone, raising fresh questions about IP rights in the age of generative AI.

Suno, the generative AI music platform valued at $5.4 billion, just had its homework exposed. A leaked trove of internal source code and logs reveals the company scraped over 2 million clips from YouTube Music, totaling roughly 113,879 hours of audio, as part of its training data pipeline.

The breach also showed significant audio harvesting from Deezer (12,287 hours), Genius (17,615 hours), Pond5 (62,117 hours), and smaller contributions from Jamendo and Freesound, plus about a million hours of podcast RSS feeds.

How the leak happened

The breach traces back to November 2025, when a supply-chain attack compromised an employee credential through the Shai-Hulud npm worm. In English: a piece of malicious code wormed its way into the software tools Suno’s developers rely on, then used stolen login details to access internal systems.

The leaked documents were made public in mid-July 2026 by a hacker going by “ellie.191” and first reported through 404 Media. The exposed files include detailed logs of Suno’s scraping operations, painting a remarkably clear picture of exactly where the company sourced its training data.

Advertisement

Among the more telling details: Suno routed its scraping activity through Bright Data proxies, a commercial proxy network commonly used to mask the origin of web requests. The operation had a specific focus on a cappella tracks, which are particularly useful for training AI models to isolate and replicate vocal patterns without instrumental interference.

Suno has responded by saying the exposed code is outdated and that no sensitive customer information, including payment details, was compromised.

The copyright problem gets worse

Major record labels had already been pursuing legal action against Suno over suspected copyright infringement before this leak. The company’s defense has generally relied on the argument that its AI models produce original outputs, not copies. That argument gets significantly harder to make when your internal logs show you systematically scraped over 2 million specific clips from a single platform.

Those 113,879 hours from YouTube Music alone represent nearly 13 years of continuous audio. Add in the tens of thousands of hours from Deezer, Genius, and Pond5, and Suno assembled a training library built apparently without licensing agreements.

Suno completed a $400 million Series D funding round in June 2026, pushing its valuation to $5.4 billion.

Why crypto investors should care

Multiple blockchain projects have been building infrastructure specifically designed to solve the problem Suno is now facing. Projects like Story Protocol, which is building an IP layer for the internet, gain a stronger narrative every time a centralized AI company gets caught scraping without permission.

If courts or legislators crack down on unauthorized scraping for AI training, that creates market demand for legitimate, auditable data sourcing. Blockchain-based systems that can prove data lineage and rights compliance would directly benefit from such regulatory outcomes.

Any adverse ruling in the pending copyright cases could force the company to retrain models on properly licensed data. It could also set precedent that reshapes the entire generative AI landscape, pushing companies toward either licensing deals or decentralized alternatives.

Disclosure: This article was edited by Editorial Team. For more information on how we create and review content, see our Editorial Policy.

Suno’s leaked source code reveals massive scraping of Deezer, YouTube, and other music platforms

Suno’s leaked source code reveals massive scraping of Deezer, YouTube, and other music platforms

A supply-chain hack exposed internal logs showing the AI music startup scraped over 2 million clips from YouTube Music alone, raising fresh questions about IP rights in the age of generative AI.

Suno, the generative AI music platform valued at $5.4 billion, just had its homework exposed. A leaked trove of internal source code and logs reveals the company scraped over 2 million clips from YouTube Music, totaling roughly 113,879 hours of audio, as part of its training data pipeline.

The breach also showed significant audio harvesting from Deezer (12,287 hours), Genius (17,615 hours), Pond5 (62,117 hours), and smaller contributions from Jamendo and Freesound, plus about a million hours of podcast RSS feeds.

How the leak happened

The breach traces back to November 2025, when a supply-chain attack compromised an employee credential through the Shai-Hulud npm worm. In English: a piece of malicious code wormed its way into the software tools Suno’s developers rely on, then used stolen login details to access internal systems.

The leaked documents were made public in mid-July 2026 by a hacker going by “ellie.191” and first reported through 404 Media. The exposed files include detailed logs of Suno’s scraping operations, painting a remarkably clear picture of exactly where the company sourced its training data.

Advertisement

Among the more telling details: Suno routed its scraping activity through Bright Data proxies, a commercial proxy network commonly used to mask the origin of web requests. The operation had a specific focus on a cappella tracks, which are particularly useful for training AI models to isolate and replicate vocal patterns without instrumental interference.

Suno has responded by saying the exposed code is outdated and that no sensitive customer information, including payment details, was compromised.

The copyright problem gets worse

Major record labels had already been pursuing legal action against Suno over suspected copyright infringement before this leak. The company’s defense has generally relied on the argument that its AI models produce original outputs, not copies. That argument gets significantly harder to make when your internal logs show you systematically scraped over 2 million specific clips from a single platform.

Those 113,879 hours from YouTube Music alone represent nearly 13 years of continuous audio. Add in the tens of thousands of hours from Deezer, Genius, and Pond5, and Suno assembled a training library built apparently without licensing agreements.

Suno completed a $400 million Series D funding round in June 2026, pushing its valuation to $5.4 billion.

Why crypto investors should care

Multiple blockchain projects have been building infrastructure specifically designed to solve the problem Suno is now facing. Projects like Story Protocol, which is building an IP layer for the internet, gain a stronger narrative every time a centralized AI company gets caught scraping without permission.

If courts or legislators crack down on unauthorized scraping for AI training, that creates market demand for legitimate, auditable data sourcing. Blockchain-based systems that can prove data lineage and rights compliance would directly benefit from such regulatory outcomes.

Any adverse ruling in the pending copyright cases could force the company to retrain models on properly licensed data. It could also set precedent that reshapes the entire generative AI landscape, pushing companies toward either licensing deals or decentralized alternatives.

Disclosure: This article was edited by Editorial Team. For more information on how we create and review content, see our Editorial Policy.