Security vulnerabilities surface in the global AI race.

A Wiz report reveals widespread security vulnerabilities within leading AI companies due to rapid innovation outpacing security measures. Analyzing the top 50 AI firms, 65% had exposed secrets like API keys on GitHub, granting unauthorized access to sensitive systems and models. The report advocates for a “Depth, Perimeter, and Coverage” scanning approach to uncover hidden risks and improve AI supply chain security. It also urges companies to treat employees as part of the attack surface and prioritize proactive secret scanning to mitigate potential data breaches and IP theft.


The relentless pursuit of artificial intelligence dominance is inadvertently creating a breeding ground for security vulnerabilities, according to a new report by cybersecurity firm Wiz. The rapid innovation in AI is pushing security best practices to the back burner, leaving companies exposed to significant risks.

Wiz’s analysis of the top 50 leading AI companies revealed a concerning trend: 65% had verified secrets, including API keys, tokens, and sensitive credentials, exposed on GitHub. These exposures often reside in overlooked branches and historical commits within code repositories, effectively bypassing standard security protocols that focus solely on the main codebase.

This isn’t just a theoretical problem; it’s a fundamental lapse in security hygiene impacting companies with a collective valuation exceeding $400 billion. These exposed credentials act as a “golden ticket” for malicious actors, granting them unauthorized access to sensitive systems, proprietary data, and even the coveted training models underpinning AI algorithms. The potential implications range from data breaches and intellectual property theft to the manipulation of AI models for nefarious purposes.

The issue goes beyond basic credential leakage. Wiz’s report highlights the growing complexity of supply chain security in the AI ecosystem. As enterprises increasingly integrate with AI startups, they inherit the startup’s security posture, which may be lacking, especially amidst the pressure to deliver rapid innovation. The study warns that exposed credentials could reveal organizational structures, training data, or even private models, giving competitors or malicious actors a significant advantage.

The Wiz report, examining companies listed in the Forbes AI 50, provides concrete examples that underscore the severity of the issue:

  • LangChain was found to have exposed multiple Langsmith API keys with organizational management permissions and member listing. Attackers highly value this information for reconnaissance and social engineering.
  • An enterprise-tier API key for ElevenLabs was discovered in a plaintext file, providing broad access to its text-to-speech platform.
  • One AI 50 company left a HuggingFace token in a deleted code fork. This single token provided access to approximately 1,000 private models. The same company also leaked Weights & Biases keys, exposing training data for private models.

Wiz highlights that traditional security scanning methods are failing to keep pace. Standard scans of a company’s main GitHub repositories represent a “commoditized approach” that misses the most critical vulnerabilities. The researchers visualize the situation as an iceberg: the most obvious risks are visible, while the greater danger lies beneath the surface.

To uncover these hidden risks, Wiz recommends a three-dimensional scanning methodology referred to as “Depth, Perimeter, and Coverage”:

  • Depth: A deep dive into the “full commit history, commit history on forks, deleted forks, workflow logs, and gists” – areas often neglected by conventional scanners. This requires advanced techniques to parse and analyze historical data for residual secrets.
  • Perimeter: Extending the scan beyond the core company to include affiliated organization members and contributors. These individuals may inadvertently check company-related secrets into their public repositories. Identifying these accounts necessitates tracking code contributors, organization followers, and analyzing correlations across related networks. This can involve sophisticated graph analysis to map relationships and track potential leak sources.
  • Coverage: Specific identification of new AI-related secret types often missed by traditional scanners, such as keys for platforms like Weights & Biases, Groq, and Perplexity. This requires continuous updating of security tools to recognize new patterns associated with evolving AI platforms.
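The “Depth” and “Coverage” dimensions above can be demonstrated with a small history-aware secret scanner. The following Python is an added example, not code from Wiz or from the report: it walks every commit diff (including lines that were later deleted and commits that live only on a side branch), matches AI-platform token shapes, and contrasts the result with a head-only scan of the current tree. The token patterns are assumptions that approximate, rather than reproduce, the vendors’ documented key formats, and the sample commits are constructed; platform-level sources the report names (deleted forks, workflow logs, gists) need GitHub API queries that this example does not cover.

```python
from __future__ import annotations

import re
import subprocess
from dataclasses import dataclass

# Illustrative token shapes for the "Coverage" dimension (assumption: these
# approximate the vendors' key formats; a production scanner should use the
# vendor-published formats and verify live candidates before alerting).
SECRET_PATTERNS = {
    "huggingface_token": re.compile(r"\bhf_[A-Za-z0-9]{30,}\b"),
    "groq_api_key": re.compile(r"\bgsk_[A-Za-z0-9]{40,}\b"),
    "perplexity_api_key": re.compile(r"\bpplx-[A-Za-z0-9]{40,}\b"),
    # 40-hex-char value assigned to a W&B-looking variable name
    "wandb_api_key": re.compile(r"(?i)wandb(?:_api)?_key\s*[=:]\s*['\"]?([0-9a-f]{40})\b"),
}


@dataclass(frozen=True)
class Finding:
    kind: str
    secret: str    # redacted, never the full value
    commit: str
    ref: str
    removed: bool  # True when the line was deleted in this diff: still recoverable from history


@dataclass(frozen=True)
class Commit:
    sha: str
    ref: str
    diff: str      # unified diff text for this commit


def redact(secret: str) -> str:
    return secret[:6] + "..." + secret[-4:] if len(secret) > 12 else "***"


def scan_diff(diff: str, commit: str, ref: str) -> list[Finding]:
    """Match secret patterns on added AND removed lines of one diff."""
    findings: list[Finding] = []
    for line in diff.splitlines():
        if not line or line[0] not in "+-" or line.startswith(("+++", "---")):
            continue
        removed = line.startswith("-")
        for kind, pat in SECRET_PATTERNS.items():
            for m in pat.finditer(line):
                secret = m.group(1) if m.groups() else m.group(0)
                findings.append(Finding(kind, redact(secret), commit, ref, removed))
    return findings


def scan_commits(commits: list[Commit]) -> list[Finding]:
    """'Depth': every commit on every ref, not just the tip of main."""
    out: list[Finding] = []
    for c in commits:
        out.extend(scan_diff(c.diff, c.sha, c.ref))
    return out


def scan_current_tree(files: dict[str, str]) -> list[Finding]:
    """Head-only scan of current file contents (the 'commoditized' approach)."""
    out: list[Finding] = []
    for path, content in files.items():
        as_added = "\n".join("+" + ln for ln in content.splitlines())
        out.extend(scan_diff(as_added, "HEAD", path))
    return out


def collect_git_commits(repo_path: str) -> list[Commit]:
    """Build Commit records from a local checkout, covering all refs
    (branches, tags, remote-tracking). Needs git; not used by the sample below."""
    git = ["git", "-C", repo_path]
    shas = subprocess.run(git + ["rev-list", "--all"], capture_output=True,
                          text=True, check=True).stdout.split()
    commits = []
    for sha in shas:
        diff = subprocess.run(git + ["show", "--format=", "-p", sha],
                              capture_output=True, text=True, check=True).stdout
        ref = subprocess.run(git + ["name-rev", "--name-only", sha],
                             capture_output=True, text=True, check=True).stdout.strip()
        commits.append(Commit(sha, ref, diff))
    return commits


# Constructed sample history: a token committed, then "removed" on main,
# plus a second key that exists only on a fork branch.
HF_SAMPLE = "hf_" + "A" * 34
WANDB_SAMPLE = "0123456789abcdef" * 2 + "01234567"
SAMPLE_COMMITS = [
    Commit("a1b2c3d", "main", "--- a/.env\n+++ b/.env\n+HF_TOKEN=" + HF_SAMPLE + "\n"),
    Commit("d4e5f6a", "main", "--- a/.env\n+++ b/.env\n-HF_TOKEN=" + HF_SAMPLE
           + "\n+HF_TOKEN=${HF_TOKEN}\n"),
    Commit("0f9e8d7", "fork/experiment",
           "--- a/train.py\n+++ b/train.py\n+WANDB_API_KEY = \"" + WANDB_SAMPLE + "\"\n"),
]
CURRENT_MAIN_TREE = {".env": "HF_TOKEN=${HF_TOKEN}\n"}

if __name__ == "__main__":
    print("head-only findings:", len(scan_current_tree(CURRENT_MAIN_TREE)))
    for f in scan_commits(SAMPLE_COMMITS):
        print(f"{f.kind:20} {f.ref:16} {f.commit} removed={f.removed} {f.secret}")
```

Run against the constructed history, the head-only scan reports nothing while the history scan surfaces the Hugging Face token twice (once added, once as a deleted line that any clone can still recover) and the W&B key on the fork branch; that gap is the iceberg the report describes. Adding a new platform key format is a one-line change to `SECRET_PATTERNS`, which is the ongoing maintenance the “Coverage” point calls for.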

The widened attack surface is concerning, especially combined with the apparent security gaps at many fast-moving AI companies. The report revealed that almost half of leak disclosures failed to reach the intended recipient or didn’t receive a response. Many companies lacked official disclosure channels or simply failed to resolve the identified vulnerabilities.

Wiz’s findings provide three immediate action items for managing internal and third-party security risk:

  1. Treat employees as part of the company’s attack surface. Create a Version Control System (VCS) member policy during employee onboarding. Mandate practices such as multi-factor authentication for personal accounts and separation of personal and professional activity on platforms like GitHub.
  2. Advance internal secret scanning beyond basic repository checks. Mandate public VCS secret scanning as a “non-negotiable defense”. Adopt the “Depth, Perimeter, and Coverage” mindset to find threats.
  3. Extend this scrutiny to the AI supply chain. When evaluating AI vendors, CISOs should assess secrets management, vulnerability disclosure practices and detection for their own secret types.

The core message is that the tools and platforms defining the next generation of technology are being built faster than security governance. Wiz concludes: “For AI innovators, the message is clear: speed cannot compromise security.” The same warning pertains to the enterprises that depend on that innovation. Strengthening security practices during this growth phase is critical to maintain trust and keep companies safe from attacks.


Original article, Author: Samuel Thompson. If you wish to reprint this article, please indicate the source: https://aicnbc.com/12667.html
