65% of Leading AI Companies Expose Verified Secrets Including Keys and Tokens on GitHub

Source: Cyber Security News

A security investigation has revealed that 65% of prominent AI companies have accidentally exposed API keys, tokens, and sensitive credentials on GitHub. This alarming trend was uncovered by Wiz, which analyzed 50 industry-leading AI companies. The analysis highlighted serious vulnerabilities, particularly in deleted forks, gists, and developer repositories that are often overlooked by ordinary scanning tools.

Wiz researchers used a unique three-pronged methodology focusing on depth, perimeter, and coverage to uncover these leaks. Notable finds included LangSmith API keys and ElevenLabs enterprise-tier credentials stored in plaintext, which can lead to severe operational risks. One company’s leaked Hugging Face token could access approximately 1,000 private models. This indicates that both major corporations valued over $400 billion and smaller companies are equally vulnerable, necessitating immediate action to enhance security protocols in AI.

👉 Read the original: Cyber Security News