A 16.7-gigabyte multimodal model checkpoint.
407 megabytes of proprietary biological training data.
32 private AI models.
A $25 million ransom.
All of it walked out the front door through a single GitHub access token.
FulcrumSec — a crew that surfaced just eight months ago — spent two months inside Novo Nordisk's research network before anyone detected them. The entry point wasn't a zero-day. It wasn't a nation-state toolkit. It was a token nobody was watching.
And here's the part that should make every CISO in pharma, biotech, and financial services wake up tonight: the attackers ran their own AI agents over the stolen models. They catalogued everything. They adversarially reviewed their own findings with a second set of models. Then they tried to sell the capability to Novo Nordisk's competitors.
You cannot rotate a trained model. You cannot reset a checkpoint. The training data is the recipe. The model is the dish. Both are now outside your control permanently.
Novo Nordisk's stealer-log exposure tells the rest of the story: 211 employee credentials, 580 customer logins, and 2,932 session cookies sitting in infostealer malware caches before the breach ever surfaced. The credential supply chain was wide open the entire time.
Audit your non-human identity inventory today. Your GitHub tokens, your CI secrets, your model registries — treat them like crown jewels or lose them like credentials.
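A starting point for that audit, as an added example that is not part of the original briefing: it flags long-lived, idle, and over-scoped tokens in an exported inventory. The record fields are modeled on GitHub's organization listing of fine-grained personal access tokens and should be treated as assumptions, as should the 90-day idle threshold and the finding labels; the sample records are constructed.

```python
from datetime import datetime, timedelta

WRITE_LEVELS = {"write", "admin"}

def parse_ts(value):
    """Parse an ISO-8601 timestamp ('Z' suffix allowed); missing values stay None."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")) if value else None

def audit_token(tok, now, max_idle_days=90):
    """Return the list of findings for one token record."""
    findings = []
    expires = parse_ts(tok.get("token_expires_at"))
    last_used = parse_ts(tok.get("token_last_used_at"))
    if expires is None:
        findings.append("no-expiry")        # lives until someone revokes it
    elif expires < now:
        return ["expired"]                  # dead token: remove the stale grant
    if last_used is None:
        findings.append("never-used")
    elif now - last_used > timedelta(days=max_idle_days):
        findings.append("idle")             # nobody would notice it being abused
    if tok.get("repository_selection") == "all":
        findings.append("all-repos")        # reaches every repository in the org
    repo_perms = tok.get("permissions", {}).get("repository", {})
    if repo_perms.get("contents") in WRITE_LEVELS:
        findings.append("contents-write")
    return findings

def audit_inventory(tokens, now, max_idle_days=90):
    """Map token id -> findings, only for tokens with at least one finding."""
    report = {}
    for tok in tokens:
        findings = audit_token(tok, now, max_idle_days)
        if findings:
            report[tok["id"]] = findings
    return report

# Constructed sample records (not real tokens or owners).
SAMPLE = [
    {"id": 1, "owner": {"login": "ci-bot"}, "repository_selection": "all",
     "permissions": {"repository": {"contents": "write"}},
     "token_expires_at": None, "token_last_used_at": "2025-01-10T08:00:00Z"},
    {"id": 2, "owner": {"login": "release-bot"}, "repository_selection": "subset",
     "permissions": {"repository": {"contents": "read"}},
     "token_expires_at": "2026-09-01T00:00:00Z", "token_last_used_at": "2026-06-01T12:00:00Z"},
    {"id": 3, "owner": {"login": "old-pipeline"}, "repository_selection": "subset",
     "permissions": {"repository": {"metadata": "read"}},
     "token_expires_at": "2026-12-31T00:00:00Z", "token_last_used_at": None},
]
```

Tokens that come back with several findings at once (no expiry, idle, all repositories) are the ones to revoke or re-scope first.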
SOURCE: https://ransomnews.com/novo-nordisk-fulcrumsec-breach-2026/
VERIFIED: Ransomnews (June 17), DugganUSA Security (June 17), DataBreaches.net (June 15), Novo Nordisk official disclosure (June 11)
SIGNAL: AI models are now the primary exfiltration target in enterprise breaches. A GitHub token that nobody inventoried cost a top-5 pharma company two years of drug-discovery research. Non-human identity governance is no longer optional.
Enterprise AI Impact — filtered for signal, not noise