
Study: AI firms prevalently expose verified secrets


Infosecurity Magazine reports that 65% of the 50 leading artificial intelligence firms listed by Forbes, which were valued at over $400 billion, had leaked API keys, credentials, tokens, and other verified secrets on GitHub.

API keys from WeightsAndBiases, ElevenLabs, and HuggingFace, which could have been leveraged to compromise private training information or organizational data, were the most prevalently exposed secrets, according to Wiz researchers.

Nearly 1,000 private models were leaked by an unnamed AI company due to a HuggingFace token within a deleted fork, while Python and Jupyter files were found to have exposed LangChain API keys. Additional findings revealed that the number of public repositories and members did not correlate with the risk of data exposure.

"Speed cannot compromise security. For teams building the future of AI, both must move together," said Wiz, which urged not only the adoption of mandatory secret scanning across public repositories and the creation of transparent disclosure channels, but also the establishment of proprietary scanners for different kinds of secrets.
