65% of Leading AI Companies Leak Sensitive Secrets on GitHub
Summary
A study by Wiz found that 65% of leading AI companies from the Forbes AI 50 list exposed verified secrets such as API keys, tokens, and credentials on GitHub. The affected companies collectively have a valuation exceeding $400 billion. The research highlights that rapid AI innovation is outpacing basic cybersecurity practices: even firms with minimal public repositories leaked sensitive information. The study employed an advanced scanning framework to uncover secrets hidden in obscure or deleted parts of codebases, and it also revealed that some companies lacked proper disclosure processes for vulnerability reports.
Timeline
- 10.11.2025 18:45 (1 article)
Wiz Study Reveals 65% of Leading AI Companies Leak Sensitive Secrets on GitHub
Sources:
- 65% of Leading AI Companies Found With Verified Secrets Leaks — www.infosecurity-magazine.com — 10.11.2025 18:45
Information Snippets
- 65% of leading AI companies from the Forbes AI 50 list exposed verified secrets on GitHub.
  First reported: 10.11.2025 18:45 (1 source, 1 article)
- The affected companies are valued at over $400 billion.
  First reported: 10.11.2025 18:45 (1 source, 1 article)
- Wiz researchers used a "Depth, Perimeter and Coverage" framework to scan commit histories, deleted forks, gists, and contributors’ personal repositories.
  First reported: 10.11.2025 18:45 (1 source, 1 article)
- Commonly leaked credentials included API keys from WeightsAndBiases, ElevenLabs, and HuggingFace.
  First reported: 10.11.2025 18:45 (1 source, 1 article)
- Nearly half of all disclosures either went unanswered or failed to reach their targets.
  First reported: 10.11.2025 18:45 (1 source, 1 article)