A single compromised GitHub access token gave hackers 1.3 terabytes of Novo Nordisk's most valuable AI assets.
Not patient data. Not financial records.
Fully trained multimodal models. Proprietary training datasets. Complete source code. 113 training run logs. Infrastructure maps of their HPC cluster. 53GB of container images.
The group FulcrumSec got in through a GitHub token in March. They sat quietly for months. Then they exfiltrated everything and demanded $25 million.
Novo Nordisk confirmed the breach on June 11. They brought in external cybersecurity experts. They took systems offline.
Here's what most CISOs are missing:
Your AI models are now your most valuable IP. More valuable than customer data in many cases. A trained pharmaceutical model represents years of research, billions in compute, and competitive advantage that can never be recovered.
Yet most enterprises protect their GitHub tokens with the same controls they use for a marketing blog.
The attack surface has shifted. Model checkpoints, training pipelines, HPC credentials, container registries — these are the new crown jewels. And they're sitting behind the same access controls as everything else.
Audit your AI model access controls today. Rotate every GitHub token, HPC credential, and container registry key that touches your ML infrastructure. If a single token can hand over your entire drug discovery pipeline, your security model is already obsolete.
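One way to start that audit, as an added example that is not part of the original post: a short Python check that flags any credential reaching more than one class of ML asset, lacking an expiry, or overdue for rotation. The inventory, its field names, and the policy thresholds are constructed assumptions, not a real API schema or data from the breach.

```python
from datetime import date

# Asset classes the post names as crown jewels.
CROWN_JEWELS = {"model_checkpoints", "training_data", "source_code",
                "training_logs", "hpc_cluster", "container_registry"}
MAX_AGE_DAYS = 90      # assumed rotation policy
MAX_JEWEL_CLASSES = 1  # assumed least-privilege limit per credential

# Constructed inventory; field names are hypothetical, not a real API schema.
INVENTORY = [
    {"id": "ci-ml-bot", "kind": "github_token", "issued": date(2024, 1, 10),
     "expires": None,
     "reaches": {"source_code", "model_checkpoints", "training_data",
                 "container_registry"}},
    {"id": "registry-push", "kind": "registry_key", "issued": date(2025, 5, 1),
     "expires": date(2025, 7, 30), "reaches": {"container_registry"}},
    {"id": "hpc-submit", "kind": "hpc_credential", "issued": date(2024, 11, 2),
     "expires": date(2025, 11, 2), "reaches": {"hpc_cluster", "training_logs"}},
    {"id": "docs-site", "kind": "github_token", "issued": date(2025, 6, 1),
     "expires": date(2025, 8, 30), "reaches": {"marketing_blog"}},
]

def audit(inventory, today):
    """Return {credential id: [findings]} for credentials that break policy."""
    report = {}
    for cred in inventory:
        jewels = cred["reaches"] & CROWN_JEWELS
        if not jewels:
            continue  # does not touch ML infrastructure
        findings = []
        if len(jewels) > MAX_JEWEL_CLASSES:
            findings.append("blast radius: " + ", ".join(sorted(jewels)))
        if cred["expires"] is None:
            findings.append("no expiry set")
        age = (today - cred["issued"]).days
        if age > MAX_AGE_DAYS:
            findings.append(f"rotate: {age} days old")
        if findings:
            report[cred["id"]] = findings
    return report

if __name__ == "__main__":
    # Constructed audit date.
    for cred_id, findings in audit(INVENTORY, date(2025, 7, 1)).items():
        print(cred_id, "->", "; ".join(findings))
```
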
Enterprise AI Impact
Novo Nordisk just lost 1.3TB of AI models and drug discovery IP to a GitHub token