Suno AI music was trained on over 2 million songs scraped from YouTube.

Suno AI music was trained on over 2 million songs scraped from YouTube.

      For years, musicians have claimed that AI song generators utilized their work without permission. Recently, a hacker revealed the inner workings of these systems, exposing the details.

      Leaked source code from Suno, one of the largest AI music tools, sheds light on the situation. It developed its model by gathering millions of songs and lyrics from the internet. The data was obtained by 404 Media from a hacker who infiltrated the company.

      The trove of information is vast. One file labeled “youtube_music” recorded over 2 million clips. Other files contain tens of thousands of hours sourced from Deezer, Genius, and the stock library Pond5. Altogether, this amounts to decades of music recordings.

      Extracting the vocals

      The code specifies its targets. To obtain clean vocal tracks, it sought a cappella versions of songs on YouTube. To navigate YouTube’s restrictions, Suno used a proxy service called Bright Data for its scraping. Additionally, it scoured 420,000 podcasts, gathering about a million hours of spoken content.

      The latest developments from the EU tech industry, a tale from our seasoned founder Boris, and some dubious AI art. It’s free, delivered to your inbox weekly. Subscribe now! None of this information is completely new. In court, Suno has already acknowledged using “basically all quality music files” available on the open web for training. However, the leak exposes the processes behind that admission.

      Record labels have long made similar allegations. When suing Suno, the RIAA claimed the company duplicated “decades worth of the world’s most popular sound recordings,” accomplishing this through “stream ripping” from YouTube, avoiding the platform’s copyright protections.

      ‘Fair use,’ claims Suno

      Suno’s defense, like that of many AI companies, hinges on fair use. The organization asserts it trains on “publicly available music files” and creates models for “original creation.” It even omits artist names from its training data to prevent imitation.

      Regarding the breach, the company downplayed the situation. It described the November 2025 incident as “limited” and “quickly contained,” claimed the exposed code was outdated, and insisted no sensitive data was compromised. It noted that it does not store full payment card numbers and decided not to inform users at all.

      The hacker, known as ellie.191, presents a different account. They reported gaining access via the Shai-Hulud worm, acquiring an employee’s credentials, and obtaining customer emails, phone numbers, and Stripe records. Some users reported to 404 Media that Suno never notified them. The hacker’s motive? “I enjoy hacking anything and everything.”

      The larger conflict

      The timing is significant. Some labels have reached agreements, signing licensing deals with AI companies rather than engaging in legal battles. Sony remains in litigation, with an important fair-use decision anticipated this summer.

      Meanwhile, artists continue to express dissatisfaction with the agreements, asserting that they benefit little. Suno’s CEO, Mikey Shulman, previously remarked that most people “don’t enjoy the majority of the time they spend making music.” Those whose music contributed to training his model might have a different perspective.

Other articles

Thinking Machines Inkling: Murati's initial model with open weight. Thinking Machines Inkling: Murati's initial model with open weight. Mira Murati's initial model, Thinking Machines Inkling, is an open-weight 975B system that the lab acknowledges is not the top performer, designed for companies to make enhancements. Apple increases AppleCare+ rates as the memory shortage expands from hardware to services. Apple increases AppleCare+ rates as the memory shortage expands from hardware to services. Apple has increased monthly AppleCare+ subscription prices by 50 cents for Macs and iPads, following a series of price hikes influenced by the worldwide shortage of memory chips. OpenAI created GPT-Red to exploit its own AI and kept it concealed. OpenAI created GPT-Red to exploit its own AI and kept it concealed. OpenAI developed GPT-Red, an internal AI hacker that targets its own models to strengthen GPT-5.6 against prompt injection, and it performs so effectively that it cannot be released. Walden Robotics debuts with $300 million in funding and legs not included. Walden Robotics debuts with $300 million in funding and legs not included. Walden Robotics, a spin-off from Toyota, emerged from stealth mode with $300 million in funding at a valuation of $1.1 billion. Its factory humanoid robots operate on wheels instead of legs. The UK has recently suggested implementing a midnight curfew for teenagers on social media, which they can easily circumvent in a matter of seconds. The UK has recently suggested implementing a midnight curfew for teenagers on social media, which they can easily circumvent in a matter of seconds. The UK government has suggested implementing a midnight curfew that would prevent 16 and 17-year-olds from accessing apps such as Instagram, TikTok, and YouTube, though this limitation can be easily disabled with just a few taps. Apple increases AppleCare+ prices as the memory shortage transitions from hardware to services. Apple increases AppleCare+ prices as the memory shortage transitions from hardware to services. Apple has increased the monthly AppleCare+ subscription fees for Macs and iPads by 50 cents, continuing a trend of price hikes influenced by the global shortage of memory chips.

Suno AI music was trained on over 2 million songs scraped from YouTube.

A breach of Suno AI music revealed its source code, indicating that it harvested millions of tracks from YouTube, Deezer, and Genius to develop its song generator.