Widespread GitHub secrets exposure across Forbes AI 50 AI firms

Target Trend
Happening score: 19
1 unique source, 1 article

Summary

A Wiz study found that 65% of the 50 firms it examined from the Forbes AI 50 list had exposed verified secrets on GitHub, signaling a broad secrets-hygiene gap across leading private AI companies. The exposure pattern matters because the leaked data included API keys, tokens and credentials that could open access to sensitive systems and data. The finding shows that rapid AI growth is outpacing basic operational security controls.

Related Happenings

Congress demands CISA answers on GitHub credential leak

Public Sector Action
First: 22.05.2026 19:34 Last: 22.05.2026 19:34 Sources 1

About this happening: **Lawmakers in both houses of Congress** demanded answers from **CISA** after a contractor exposed **AWS GovCloud keys** and other secrets on **public GitHub**. The letters presse...

GitHub data exposed after GitHub breach

Data Leak
First: 20.05.2026 11:14 Last: 20.05.2026 11:14 Sources 1

About this happening: GitHub confirmed **exfiltration** of **internal repositories**, making private code and related content potentially available to outsiders. Attackers on the **Breached cybercrime...

GitHub internal repositories private-code leak claim

Data Leak
First: 20.05.2026 08:08 Last: 20.05.2026 08:08 Sources 1

About this happening: GitHub is facing a claimed leak of **internal repositories** after **TeamPCP** said it had access to about **4,000 private-code repos** and tried to sell samples. The alleged expo...

Latest development: 21.05.2026 17:45

A malicious version of Nx Console 18.95.0 was uploaded to Visual Studio Marketplace and Open VSX on May 18, fetched an obfuscated payload, and harvested secrets from ~/.vault-token, /etc/vault/token, .npmrc, ghp_/gho_/ghs_ tokens, AWS metadata, and other local sources; GitHub said the poisoned VS Code extension led to unauthorized access to about 3800 internal repositories.

CISA contractor GitHub repository exposed internal credentials

Data Leak
First: 18.05.2026 23:48 Last: 18.05.2026 23:48 Sources 1

About this happening: A **CISA contractor** left a public **GitHub repository** exposing **AWS GovCloud credentials** and internal access material, creating a serious **data leak** involving sensitive...

Latest development: 22.05.2026 19:34

On May 19, Sen. Maggie Hassan and Rep. Bennie Thompson, with Rep. Delia Ramirez co-signing Thompson’s letter, sent separate letters to CISA demanding answers about the Private-CISA GitHub leak and warning that the credential exposure raised serious concerns about CISA’s internal policies, contract support, and security culture.

Moltbook wide-open database exposure

Data Leak
First: 22.04.2026 13:41 Last: 22.04.2026 13:41 Sources 1

About this happening: The **Moltbook** database exposure placed **35,000 email addresses** and **1.5 million agent API tokens** at risk, creating immediate potential for account hijacking and credentia...

Timeline

  1. 10.11.2025 18:45 2 articles · 6mo ago

    Wiz study exposes GitHub secrets in Forbes AI 50 firms

    Initial Disclosure

    Wiz researchers examined 50 firms from the Forbes AI 50 list and found that 65% had exposed verified secrets on GitHub, including API keys, tokens and credentials. The exposures appeared in commit histories, deleted forks, gists and contributors’ personal repositories, with examples involving LangChain, ElevenLabs, WeightsAndBiases and HuggingFace. The findings also highlighted uneven vulnerability disclosure handling, and the researchers urged mandatory secrets scanning for public repositories, clear disclosure channels, and proprietary scanners for unique secret types.
