Security flaws emerge amid global AI race

According to Wiz, competition among AI companies has led many companies to ignore basic security hygiene practices.

Of the 50 largest AI companies Wiz analyzed, 65% had verified leaks of sensitive information on GitHub. The leaks include API keys, tokens, and other credentials, often buried in code repositories that standard security tools never check.

Salt Security’s UK&I country manager, Glyn Morgan, explained that this trend is a fundamental error that is preventable. “If an AI company accidentally releases its API key, it exposes an obvious security flaw that could be avoided,” he said.

“This is a textbook example of governance combined with security configuration, two of the risk categories that OWASP flags. Pushing credentials into a code repository gives attackers a golden ticket to systems, data, and models, effectively bypassing normal layers of defense.”

The Wiz report highlights the increasing complexity of supply chain security risks. This issue extends beyond your internal development team. As companies increasingly partner with AI startups, they may inherit their security posture. The researchers warned that some of the breaches they discovered “may have exposed organizational structures, training data, and even private models.”

The financial stakes are considerable. The combined valuation of the companies identified and analyzed for leaks exceeds $400 billion.

This report focuses on companies listed in the Forbes AI 50 and provides examples of risks.

  • LangChain was found to have exposed multiple Langsmith API keys, including one with permission to manage an organization and list its members. This kind of information is highly valued for reconnaissance by attackers.
  • Eleven Labs’ enterprise-tier API key was found stored in a clear-text file.
  • An anonymous AI 50 company had published HuggingFace tokens in a code fork that has since been removed. This single token “grants access to approximately 1,000 private models.” The same company also leaked the WeightsAndBiases key, exposing “many private model training data.”

Wiz’s report suggests that this problem is so prevalent that traditional security scanning methods are no longer sufficient. Relying on a basic scan of a company’s major GitHub repositories is a “commoditized approach” that misses the most significant risks.

Researchers describe this situation as an “iceberg” (i.e., the most obvious risks are visible, but the greater dangers are “below the surface”). To find these hidden risks, the researchers employed a three-dimensional scanning technique they called “depth, perimeter, and coverage.”

  • Depth: Their deep scan analyzed “complete commit history, commit history across forks, deleted forks, workflow logs and gist,” areas that most scanners “never touch.”
  • Perimeter: The scan extended beyond the company’s core organization to include organization members and contributors. These individuals may “inadvertently check company-related secrets into their public repositories.” The team identified these adjacent accounts by tracking who pushed code, the organization’s followers, and “correlation among related networks such as HuggingFace and npm.”
  • Coverage: The researchers specifically looked for new AI-related secret types that traditional scanners often miss, such as keys for platforms like WeightsAndBiases, Groq, and Perplexity.

This expansion of the attack surface is particularly concerning given the apparent lack of security maturity in many rapidly changing enterprises. The report notes that when researchers attempted to disclose leaked information, nearly half of the disclosures failed to meet their targets or did not receive a response. Many companies either had no formal disclosure channels or simply failed to resolve the issue when notified.

Wiz’s findings serve as a warning to enterprise technology managers, highlighting three immediate action items to manage both internal and third-party security risks.

  1. Security leaders must treat employees as part of the company’s attack surface. The report recommends creating a version control system (VCS) member policy that is enforced during employee onboarding. This policy should mandate practices such as using multi-factor authentication for personal accounts and strictly separating personal and professional activities on platforms like GitHub.
  2. Internal secret scanning must evolve beyond basic repository checks. The report calls for companies to require public VCS secret scans as a “non-negotiable line of defense.” This scan should apply the “depth, perimeter, and coverage” mentality described above to find threats that lurk below the surface.
  3. This level of oversight needs to be extended throughout the AI supply chain. When evaluating or integrating tools from AI vendors, CISOs should examine the vendor’s secrets management and vulnerability disclosure practices. The report notes that many AI service providers are leaking their own API keys and should “prioritize discovery of proprietary secret types.”
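To make the “depth” and “coverage” dimensions concrete, here is an added example of a minimal history-aware secret scanner. It is not code from Wiz or from the report; the token formats it matches (a HuggingFace `hf_` prefix, a 40-hex WeightsAndBiases key, a Groq `gsk_` prefix, a Perplexity `pplx-` prefix) are assumptions of this example, and the commit history it scans is constructed inline rather than read from a real repository. It shows why a HEAD-only scan misses a credential that was committed and later removed, why a deleted fork still counts, and why a bare 40-hex string needs surrounding context before it is reported (it is indistinguishable from a git commit id otherwise).

```python
import re
from dataclasses import dataclass

# Secret-type patterns for AI platforms. The formats are assumptions of this
# example; check each vendor's current documentation before relying on them.
SECRET_PATTERNS = {
    "huggingface_token": re.compile(r"\bhf_[A-Za-z0-9]{20,}\b"),
    "groq_api_key": re.compile(r"\bgsk_[A-Za-z0-9]{20,}\b"),
    "perplexity_api_key": re.compile(r"\bpplx-[A-Za-z0-9]{20,}\b"),
    # A bare 40-hex string is also a git commit id, so a W&B key is only
    # reported when a "wandb" keyword appears shortly before it on the line.
    "wandb_api_key": re.compile(r"(?i)wandb[^\n]{0,40}?\b([0-9a-f]{40})\b"),
}


@dataclass(frozen=True)
class Finding:
    secret_type: str
    commit: str
    source: str
    path: str
    line_no: int
    redacted: str  # findings never carry the full secret value


def redact(value: str) -> str:
    """Keep just enough of the value to let an operator locate it."""
    return value[:6] + "..." + value[-2:] if len(value) > 10 else "***"


def scan_text(text: str, commit: str, source: str, path: str) -> list[Finding]:
    """Run every pattern over every line of one file version."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for name, pattern in SECRET_PATTERNS.items():
            for m in pattern.finditer(line):
                value = m.group(1) if m.groups() else m.group(0)
                findings.append(Finding(name, commit, source, path, line_no, redact(value)))
    return findings


def scan_history(commits) -> list[Finding]:
    """'Depth': scan every file version in every commit, not only HEAD."""
    findings = []
    for c in commits:
        for path, content in c["files"].items():
            findings.extend(scan_text(content, c["id"], c["source"], path))
    return findings


# Constructed sample history. The first commit leaked two credentials into
# .env, the HEAD commit "fixed" it by deleting the file (the old blob remains
# in history), and a member's deleted fork still carries a notebook with a key.
SAMPLE_HISTORY = [
    {
        "id": "c0ffee01", "source": "org repo, old commit",
        "files": {".env": (
            "HF_TOKEN=hf_ExampleConstructedToken0123456789abcdef\n"
            "WANDB_API_KEY=0123456789abcdef0123456789abcdef01234567\n"
        )},
    },
    {
        "id": "c0ffee02", "source": "org repo, HEAD",
        "files": {
            ".env.example": "HF_TOKEN=<set me>\n",
            # A workflow log line with a commit id: must NOT be flagged.
            "ci.log": "Checking out commit 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b\n",
        },
    },
    {
        "id": "deadbeef", "source": "deleted fork of an org member",
        "files": {"notebooks/eval.py": 'client = Groq(api_key="gsk_ConstructedGroqKeyExample0123456789")\n'},
    },
]


def run_demo() -> dict:
    """Compare a HEAD-only scan with a full-depth scan over the sample history."""
    head = [c for c in SAMPLE_HISTORY if c["source"].endswith("HEAD")]
    deep = scan_history(SAMPLE_HISTORY)
    return {
        "head_only": len(scan_history(head)),
        "deep": len(deep),
        "types": {f.secret_type for f in deep},
        "sources": {f.source for f in deep},
    }


if __name__ == "__main__":
    for f in scan_history(SAMPLE_HISTORY):
        print(f"{f.secret_type:20} {f.commit} {f.path}:{f.line_no} {f.redacted} ({f.source})")
    print(run_demo())
```

In a real deployment the `SAMPLE_HISTORY` structure would be fed from `git rev-list --all` plus the objects of forks and dangling commits, and the pattern table would be kept in step with the vendors whose keys your teams actually use; the contextual rule for the W&B format is the part most worth copying, because a 40-hex pattern on its own will bury real findings under every commit id in your CI logs.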

The central message for enterprises is that the tools and platforms that define next-generation technologies are often being built at a faster pace than security governance. Wiz concludes: “For AI innovators, the message is clear: Speed must not come at the expense of security.” The same warning applies to the companies that rely on their innovations.

AI News is brought to you by TechForge Media. Learn about other upcoming enterprise technology events and webinars.
