Leaked Files Suggest Suno Scraped Millions of Songs to Train Its AI Music Models
BOSTON — Leaked source code and internal files from AI music company Suno reportedly reveal that the startup collected millions of songs, lyrics and other audio files from platforms including YouTube Music, Deezer and Genius while developing its generative music technology.
The material was obtained through a security breach and shared with investigative outlet 404 Media, which reported that the files included software, instructions and records connected to Suno’s data-collection operations in 2023 and 2024. The findings offer the most detailed account yet of how the company may have assembled the large training datasets behind its music-generation models.
One internal record reportedly referred to more than two million audio clips collected from YouTube Music. The files also indicated that Suno obtained substantial volumes of content from the French streaming platform Deezer, the lyrics website Genius, stock-music libraries and podcast services.
The leaked code allegedly included tools and instructions for downloading audio from protected platforms, separating vocals from instrumental tracks and processing the resulting files for use in machine-learning systems.
Some of the data appeared to include a cappella recordings, stems and other isolated musical elements that could help an AI model learn relationships among voices, melodies, instruments and production styles.
The disclosures are significant because Suno has faced repeated questions about whether copyrighted recordings were used without permission to train systems capable of generating complete songs from written prompts.
Major record labels have accused the company of copying protected music on a vast scale. Suno has argued that training AI systems on lawfully accessible material can qualify as fair use under US copyright law, a position that remains contested in court.
The leaked material could support allegations that Suno did not merely analyse music available across the open internet but actively extracted files from services whose terms and technical protections restrict unauthorised downloading.
The Recording Industry Association of America has previously accused the company of using «stream ripping» techniques to bypass YouTube’s protections and obtain sound recordings for training purposes.
Suno has not conceded that the leaked files prove copyright infringement. The legality of using copyrighted material for AI training remains unsettled, and courts may ultimately distinguish between copying during model development and whether the finished system reproduces protected expression.
The breach itself reportedly occurred in November 2025 but became public in July 2026. A hacker using the name «ellie.191» obtained portions of Suno’s source code and shared the material with journalists.
A Suno spokesperson said the incident was quickly contained and primarily involved outdated source code that was no longer being used by the company.
The company said its investigation found that no sensitive personal information had been compromised. It also said payment processing was handled through Stripe and that full credit-card details were not exposed.
Reports nevertheless indicated that the breached material included information connected to hundreds of thousands of customer accounts, potentially including email addresses, phone numbers and some Stripe-related payment records.
The revelations arrive as generative music companies seek closer commercial relationships with artists and record labels. Warner Music Group previously resolved its dispute with rival AI music company Udio and announced plans for a licensed music-generation service, increasing pressure on the sector to move towards authorised training catalogues.
For musicians and rights holders, the leaked files could intensify demands for transparency over exactly which recordings were used, how they were obtained and whether artists should be compensated when their work contributes to the development of commercial AI systems.
The case also illustrates the broader security risks facing AI companies. Training datasets, source code and internal scraping tools can reveal commercially sensitive information while exposing companies to additional legal scrutiny when obtained through a breach.
Suno allows users to generate full songs—including vocals, lyrics and instrumentation—from short written instructions. Its rapid growth has made it one of the most prominent companies in generative music, but the reported contents of the leaked files may deepen the legal and ethical controversy surrounding the technology on which that growth was built.
