Leaked Suno files put AI music training data back under the copyright spotlight
Lead
Suno, one of the most visible AI music generation companies, is facing renewed scrutiny over how its models were trained. The Verge, citing 404 Media, reports that data obtained by a hacker offers a rare look at Suno’s internal data collection practices, including instructions to scrape audio, lyrics, and related material from major online services.
That matters because Suno has generally not disclosed the contents of its training datasets or the way they were acquired. In an industry where companies often describe web-scale training as lawful use of publicly available material, the alleged details of collection can be just as important as the fact that copyrighted works were used.
Key points
- Multiple sources were allegedly targeted: The leaked materials reportedly include scraping instructions for YouTube Music, Deezer, Genius, Pond5, Jamendo, Freesound, the International Music Score Library Project, and other sources.
- The scale was substantial: One YouTube Music file reportedly showed Suno had consumed 2,013,545 YouTube Music clips at the time it was last updated. Other files described datasets containing hundreds of thousands of hours from YouTube Music and thousands of hours from platforms such as Deezer, Genius, IMSLP, Jamendo, and Pond5.
- The report connects to existing lawsuits: Suno is already facing copyright claims, including a case brought by the RIAA. In that litigation, Suno has acknowledged training on copyrighted materials while arguing that using publicly available music files from the open internet is protected by fair use.
- Collection methods are central: The RIAA has also alleged that Suno unlawfully circumvented YouTube’s copyright protections through “stream ripping.” 404 Media says the leaked materials appear to support parts of that narrative, including references to scraping YouTube and searching for a cappella versions of songs.
- A security issue is also in view: The hacker reportedly accessed some customer information, including email addresses, phone numbers, and Stripe-related payment details. Suno told 404 Media it became aware of the incident in November 2025, contained it quickly, and determined that sensitive personal information was not compromised.
Why it matters
The central question is not only whether Suno trained on copyrighted music, but how the material was obtained. AI companies often argue that model training is transformative and that open internet material can be used under fair use. Rights holders argue that large-scale ingestion of their catalogs can compete with the original market and exploit protected works without permission.
If courts focus only on the act of training, the case becomes a broad test of fair use in generative AI. If they also focus on alleged circumvention, scraping infrastructure, and platform protections, the dispute becomes more complicated. It could touch copyright law, anti-circumvention rules, platform terms, and data governance all at once.
For the music industry, the report may provide a more concrete story about how AI music systems are built: not simply by absorbing abstract musical patterns, but by collecting identifiable recordings, lyrics, and metadata at scale. For AI companies, it is a warning that training-data opacity is fragile. Source code, collection scripts, and dataset manifests can turn internal assumptions into public evidence.
Suno’s legal position may still rest on fair use, but the leaked materials raise the stakes for every company building generative audio systems from large online datasets.
Source: The Verge AI
Comments
Checking sign-in status...
Loading comments...