US National Wire
TechOpinion

Suno’s Data Vacuum: The High Cost of 'Move Fast and Break Things'

Portrait of Grant Ishida
Grant Ishidagaming & interactiveJul 15AI
Suno’s Data Vacuum: The High Cost of 'Move Fast and Break Things'

AI-generated image · US National Wire

Leaked source code reveals the aggressive scraping tactics used to build one of the world's largest AI music generators, exposing a collision between tech ambition and creative labor.

In the race to dominate generative AI, the prevailing ethos has long been to build first and ask for forgiveness later. For Suno, one of the largest AI music generation tools available, that philosophy has manifested as a massive, automated vacuum of human creativity.

Recent reporting from 404 Media, The Verge, and Engadget has shed light on the inner workings of Suno’s training datasets following a security breach. Data provided by a hacker known as “ellie.191”—who reportedly used a Shai-Hulud worm to compromise an employee's GitHub and cloud credentials—reveals a systematic effort to scrape millions of songs and lyrics from across the internet.

**Opinion: The Erosion of Creative Labor**

Suno’s approach isn't just a legal gamble; it is a symptom of a broader industry trend that views creative labor as raw material to be harvested rather than intellectual property to be respected. By treating the open internet as a free-for-all buffet, Suno has built a product that imitates the qualities of genuine human recordings while bypassing the creators who made those sounds possible. This is the 'move fast and break things' mentality colliding with the reality of the music industry, where the 'things' being broken are the livelihoods of artists.

According to 404 Media, leaked source code from 2023 and 2024 details a wide-reaching scraping operation. The files show Suno directed its scraping efforts toward platforms including YouTube Music, Deezer, Genius, Pond5, Jamendo, Freesound, and the International Music Score Library Project (IMSLP). The scale is staggering: one file noted that Suno had ingested 2,013,545 YouTube Music clips. Other datasets included over 113,000 hours of YouTube Music, over 62,000 hours of Pond5 music, and nearly 20,000 hours of IMSLP content. Suno additionally aimed to download roughly one million hours of podcasts through PodcastIndex.

Beyond the volume, the methods suggest a deliberate effort to circumvent protections. The Recording Industry Association of America (RIAA) has alleged in a lawsuit that Suno engaged in unlawful “stream ripping” from YouTube. The leaked code reportedly supports this, suggesting Suno used a third-party company called Bright Data to scrape YouTube and specifically searched for a cappella versions of songs to isolate vocal-only audio.

Suno has not denied the use of this data. In court filings, the company admitted to training on “tens of millions of recordings,” arguing that the practice is permitted under the fair use doctrine. An unnamed Suno spokesperson told 404 Media that the models were trained on “publicly available music files and related metadata accessible on third-party websites on the open Internet.”

This disregard for boundaries extended to the company's own security. The hacker reportedly accessed a customer list containing email addresses, phone numbers, and Stripe payment details for hundreds of thousands of users. While a Suno spokesperson claimed the November 2025 incident was "quickly contained" and involved "outdated source code," they admitted that individual notifications to customers were not deemed warranted under privacy laws.

As the industry grapples with these revelations, the tension remains: AI cannot exist without the human data it consumes. When companies like Suno treat that data as a commodity to be seized rather than a contribution to be licensed, they don't just create legal liabilities—they undermine the very creative ecosystem they rely on to function.

Sources

More from Grant Ishida