AI Startups Leak Cloud Secrets on GitHub, Exposing Model Data

    Sensitive credentials and configuration secrets tied to high-profile artificial intelligence (AI) companies were found exposed on public GitHub repositories, potentially allowing attackers unauthorized access to proprietary model data, training sets, and critical backend infrastructure. The findings, uncovered by cloud security platform Wiz, point to a significant blind spot in how AI-focused firms manage code security in fast-paced development environments.

    Cloud Secrets Discovered in Public Repositories

    Researchers at Wiz recently investigated the public GitHub activities of companies listed in Forbes’ “AI 50” — a roundup highlighting top privately-held AI startups. They found that 38 out of the 50 companies had inadvertently published secret keys, credentials, and sensitive tokens to their public repositories.

    Leaked Credentials Pose Threats to AI Integrity and Confidentiality

    According to Wiz, the exposed secrets included a wide range of sensitive access data. This potentially allowed privilege escalation and unauthorized access to critical infrastructure and services, including:

    • Admin account tokens for internal systems
    • API keys connecting to cloud platforms such as Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure
    • Login credentials for development tools and internal dashboards
    • Auth tokens for MLOps (Machine Learning Operations) platforms

    Among the most concerning risks was the potential exposure of private AI model architectures and training datasets. These models are often proprietary and represent a firm’s most valuable intellectual property. Unauthorized access could allow competitors or malicious actors to replicate or poison AI models without detection.

    Sector-Wide Exposure Highlights a Pattern of Poor Secret Hygiene

    Wiz’s analysis indicates a broader pattern of poor credential hygiene, especially prevalent in fast-growing AI startups operating with aggressive time-to-market strategies. In environments where software development cycles are rapid and collaboration-heavy, developers often mistakenly commit sensitive files to public repositories.

    GitHub: A Double-Edged Sword for Collaboration and Risk

    While GitHub remains the ecosystem of choice for open-source collaboration, the security risks of unmanaged public repositories persist. Several contributing factors increase the likelihood of exposure:

    1. Developers embedding plaintext secrets in environment files and uploading them to shared repos
    2. CI/CD (Continuous Integration and Continuous Delivery) pipelines misconfigured to store secrets in versioned code
    3. Lack of automated secret-scanning tools that can identify and block credential leaks during the commit stage

    Wiz emphasized that several of the discovered secrets remained valid at the time of disclosure, significantly heightening the attack surface available to threat actors. In some cases, these secrets granted elevated cloud privileges, opening vectors for privilege escalation and data exfiltration of AI model artifacts.

    From Initial Discovery to Disclosure and Fixes

    Wiz responsibly disclosed the findings to the affected organizations, enabling them to rotate the compromised credentials and secure the exposed environments. Many of the firms responded promptly, but the situation underscores the fragile intersection of cloud-native AI development and secure code management.

    Recommendations for Preventing Future Exposures

    To reduce the risk of credential leaks, Wiz recommends the following best practices:

    • Use secret management platforms to store credentials and remove hardcoded secrets from codebases
    • Implement pre-commit hooks or Continuous Integration scanners that block commits containing sensitive patterns
    • Adopt least-privilege access controls to minimize damage if a credential is compromised
    • Rotate secrets regularly and invalidate old keys to mitigate risks post-exposure
    • Audit public repositories continuously to identify and remove sensitive data
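    The contributing factors listed earlier (plaintext secrets in environment files, pipelines that version credentials, no scanning at commit time) and the second recommendation above both point at the same control: a check that runs before a commit leaves the developer's machine. The following is an added example of such a pre-commit scanner, written for this article; it is not Wiz's tooling or code from any of the companies discussed. It assumes the AWS access key ID prefix (AKIA plus 16 uppercase alphanumerics) and the GitHub classic token prefix (ghp_ plus 36 characters), both publicly documented formats; the generic "secret = '...'" rule and its entropy threshold are assumptions, and the sample diff is constructed, with inert made-up values.

```python
"""Minimal secret scanner of the kind a pre-commit hook or CI job would run.

Added example, not Wiz's tooling or code from the article. The generic rule,
the entropy threshold and the sample diff below are assumptions/constructed data.
"""
import math
import re
import subprocess
import sys

# Well-known credential formats plus one generic rule. The generic rule is the
# main source of false positives, so it is gated on an entropy check below.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "generic_assignment": re.compile(
        r"(?i)(?:api[_-]?key|secret|token|password)\b\s*[:=]\s*['\"]([^'\"]{8,})['\"]"
    ),
}


def shannon_entropy(s: str) -> float:
    """Bits per character: random-looking keys score high, words and placeholders score low."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_lines(lines, entropy_threshold=3.0):
    """Return (line_no, rule, matched_value) for every suspicious line.

    The generic rule only fires when the quoted value looks random enough, so
    placeholders such as "changeme" do not block every commit (assumed threshold).
    """
    findings = []
    for lineno, line in enumerate(lines, start=1):
        for rule, rx in PATTERNS.items():
            m = rx.search(line)
            if not m:
                continue
            value = m.group(1) if m.groups() else m.group(0)
            if rule == "generic_assignment" and shannon_entropy(value) < entropy_threshold:
                continue
            findings.append((lineno, rule, value))
    return findings


def scan_added_diff_lines(diff_text: str):
    """Scan only the lines a commit adds ('+' lines, excluding the '+++' file header)."""
    added = [raw[1:] for raw in diff_text.splitlines()
             if raw.startswith("+") and not raw.startswith("+++")]
    return scan_lines(added)


# Constructed sample of a staged diff; every value is made up and inert.
SAMPLE_DIFF = """\
diff --git a/.env b/.env
+++ b/.env
+AWS_ACCESS_KEY_ID=AKIAEXAMPLEEXAMPLE12
+DB_PASSWORD = "changeme"
+API_KEY = "Zq8rT2vN9xL4pK7mW1bH6cJ3dF5gY0sA"
+# token = "ghp_" + os.environ["GH"]   (not a literal token, must not match)
"""

if __name__ == "__main__":
    if len(sys.argv) > 1 and sys.argv[1] == "--staged":
        # Real pre-commit use: scan exactly what is about to be committed.
        diff = subprocess.run(["git", "diff", "--cached"],
                              capture_output=True, text=True, check=True).stdout
    else:
        diff = SAMPLE_DIFF
    hits = scan_added_diff_lines(diff)
    for lineno, rule, value in hits:
        # Print only a prefix so the hook itself does not echo the full secret into CI logs.
        print(f"added line {lineno}: {rule}: {value[:6]}...")
    sys.exit(1 if hits else 0)
```

    Wired into `.git/hooks/pre-commit` as `python scan_secrets.py --staged`, a non-zero exit aborts the commit; the same function can run in CI over the pull-request diff as a second gate. Scanning only added lines keeps the check fast and avoids re-flagging history, which is instead handled by the continuous repository audits the last recommendation calls for.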

    By adopting these practices, organizations can shift toward a more resilient security posture, especially when handling sensitive AI workloads.

    AI’s Rapid Growth Needs Security That Keeps Pace

    The discovery by Wiz serves as a wake-up call for the AI industry. As venture-backed startups race to develop generative and machine learning platforms, foundational security measures around GitHub access, cloud secrets, and data integrity cannot be an afterthought.

    AI companies developing proprietary models must treat secrets management as a first-class component of their DevSecOps workflows. Without adequate protections, credentials leaked to GitHub can unlock the very systems, data pipelines, and models that define their competitive edge.

    In a threat landscape increasingly focused on data exfiltration and intellectual property theft, simple lapses in secret hygiene can cascade into high-impact breaches. As the pace of AI development accelerates, security teams must ensure that cloud governance and data protection keep pace.
