Widespread GitHub secrets exposure across Forbes AI 50 AI firms
Trend
Summary
Hide ▲
Show ▼
A Wiz study found that 65% of 50 Forbes AI 50 firms had exposed verified secrets on GitHub, signaling a broad secrets-hygiene gap across leading private AI companies. The exposure pattern matters because the leaked data included API keys, tokens and credentials that could open access to sensitive systems and data. The finding shows that rapid AI growth is outpacing basic operational security controls.
Related Happenings
Miasma source code leak on GitHub
Data Leak
H score32
First: 10.06.2026 23:27
Last: 10.06.2026 23:27
Sources 1
About this happening:
The **Miasma source code** was **briefly leaked on GitHub**, exposing malware framework code that could be copied, studied, and modified by other threat actors. The exposure repor...
Miasma source code leak on GitHub
Data LeakAbout this happening: The **Miasma source code** was **briefly leaked on GitHub**, exposing malware framework code that could be copied, studied, and modified by other threat actors. The exposure repor...
Congress demands CISA answers on GitHub credential leak
Public Sector Action
H score19
First: 22.05.2026 19:34
Last: 22.05.2026 19:34
Sources 1
About this happening:
**Lawmakers in both houses of Congress** demanded answers from **CISA** after a contractor exposed **AWS GovCloud keys** and other secrets on **public GitHub**. The letters presse...
Congress demands CISA answers on GitHub credential leak
Public Sector ActionAbout this happening: **Lawmakers in both houses of Congress** demanded answers from **CISA** after a contractor exposed **AWS GovCloud keys** and other secrets on **public GitHub**. The letters presse...
GitHub data exposed after GitHub breach
Data Leak
H score35
First: 20.05.2026 11:14
Last: 20.05.2026 11:14
Sources 1
About this happening:
GitHub confirmed **exfiltration** of **internal repositories**, making private code and related content potentially available to outsiders. Attackers on the **Breached cybercrime...
GitHub data exposed after GitHub breach
Data LeakAbout this happening: GitHub confirmed **exfiltration** of **internal repositories**, making private code and related content potentially available to outsiders. Attackers on the **Breached cybercrime...
GitHub internal repositories private-code leak claim
Data Leak
H score46
First: 20.05.2026 08:08
Last: 20.05.2026 08:08
Sources 1
About this happening:
GitHub is facing a claimed leak of **internal repositories** after **TeamPCP** said it had access to about **4,000 private-code repos** and tried to sell samples. The alleged expo...
GitHub internal repositories private-code leak claim
Data LeakAbout this happening: GitHub is facing a claimed leak of **internal repositories** after **TeamPCP** said it had access to about **4,000 private-code repos** and tried to sell samples. The alleged expo...
Latest development: 21.05.2026 17:45
A malicious version of Nx Console 18.95.0 was uploaded to Visual Studio Marketplace and Open VSX on May 18, fetched an obfuscated payload, and harvested secrets from ~/.vault-token, /etc/vault/token, .npmrc, ghp_/gho_/ghs_ tokens, AWS metadata, and other local sources; GitHub said the poisoned VS Code extension led to unauthorized access to about 3800 internal repositories.
CISA contractor GitHub repository exposed internal credentials
Data Leak
H score28
First: 18.05.2026 23:48
Last: 18.05.2026 23:48
Sources 1
About this happening:
A **CISA contractor** left a public **GitHub repository** exposing **AWS GovCloud credentials** and internal access material, creating a serious **data leak** involving sensitive...
CISA contractor GitHub repository exposed internal credentials
Data LeakAbout this happening: A **CISA contractor** left a public **GitHub repository** exposing **AWS GovCloud credentials** and internal access material, creating a serious **data leak** involving sensitive...
Latest development: 22.05.2026 19:34
On May 19, Sen. Maggie Hassan and Rep. Bennie Thompson, with Rep. Delia Ramirez co-signing Thompson’s letter, sent separate letters to CISA demanding answers about the Private-CISA GitHub leak and warning that the credential exposure raised serious concerns about CISA’s internal policies, contract support, and security culture.
Timeline
-
10.11.2025 18:45 2 articles · 8mo ago
Wiz study exposes GitHub secrets in Forbes AI 50 firms
Initial DisclosureWiz researchers examined 50 firms from the Forbes AI 50 list and found that 65% had exposed verified secrets on GitHub, including API keys, tokens and credentials. The exposures appeared in commit histories, deleted forks, gists and contributors’ personal repositories, with examples involving LangChain, ElevenLabs, WeightsAndBiases and HuggingFace. The findings also highlighted uneven vulnerability disclosure handling, and the researchers urged mandatory secrets scanning for public repositories, clear disclosure channels, and proprietary scanners for unique secret types.
Show sources
- 65% of Leading AI Companies Found With Verified Secrets Leaks — www.infosecurity-magazine.com — 10.11.2025 18:45
- 65% of Leading AI Companies Found With Verified Secrets Leaks — www.infosecurity-magazine.com — 10.11.2025 18:45