Wiz’s in-depth analysis of GitHub repositories of top AI companies revealed that 65% had leaked sensitive secrets like API keys and tokens, potentially exposing private data and models. Many firms lacked effective disclosure channels or failed to respond to disclosures, underscoring the need for better secrets management and detection strategies. #GitHubLeaks #AISecrets
Key points
- Wiz conducted comprehensive scans of GitHub repositories, including full commit histories and deleted forks.
- 65% of AI companies on the Forbes AI 50 list had leaked verified secrets; the companies with leaks are together valued at over $400 billion.
- Leaked secrets included API keys, tokens, and credentials for companies like Google, Hugging Face, and ElevenLabs.
- Many organizations lacked proper disclosure channels and did not respond to identified leaks.
- Effective secrets management was noted in companies with numerous public repositories and organized teams.
Read More: https://www.securityweek.com/many-forbes-ai-50-companies-leak-secrets-on-github/