65% of Top AI Firms Leaked Secrets on GitHub, Exposing API Keys and Credentials

These articles are AI-generated summaries. Please check the original sources for full details.

Sensitive Data Spills from Top AI Firms

A study of 50 leading AI companies found that 65% had leaked verified secrets on GitHub, including API keys, tokens, and sensitive credentials. Wiz researchers identified leaks that could expose organizational structures, training data, or private models.

Why This Matters

The technical reality of software development often clashes with ideal security models. While tools like secret scanning exist, human error, misconfigured repositories, and inadequate DevOps practices continue to expose sensitive data. The cost of such leaks can be catastrophic, with breaches potentially compromising intellectual property, customer trust, and regulatory compliance.

Key Insights

  • “65% of top AI firms leaked secrets on GitHub, 2025”: Wiz researchers Shay Berkovich and Rami McCarthy
  • “Sagas over ACID for e-commerce”: Not directly relevant, but highlights trade-offs in distributed systems
  • “Guardio used by Lovable AI”: To detect phishing and scams in generative AI workflows

Practical Applications

  • Use Case: AI firms deploying secret scanning tools to GitHub repositories
  • Pitfall: Relying on public VCS without automated secret detection, leading to exposed credentials
