A host of leading AI companies are leaking key data on GitHub and lack proper disclosure channels to even be notified of potential security problems.
That's according to research by cloud security firm Wiz, which examined 50 AI companies and found that 65% had leaked "verified secrets" on GitHub. Wiz said that could include data like API keys, tokens and credentials, many of which were buried deep in "deleted forks, gists and developer repos".
"Some of these leaks could have exposed organizational structures, training data, or even private models," Shay Berkovich, threat researcher at Wiz, and Rami McCarthy, principal security researcher at Wiz, said in a blog post.
The Wiz research follows a report earlier this year from Palo Alto Networks that showed data loss issues pinned on generative AI had more than doubled in early 2025, with AI data security incidents accounting for 14% of such problems across all software-as-a-service traffic.
Separate research last month suggested that AI coding tools are wreaking havoc themselves, with one-in-five CISOs saying they've suffered a major incident due to AI code. Such reports highlight the security risks posed by AI.
GitHub is a goldmine for threat actors
The Wiz researchers said they worked from the assumption that any big company with a large GitHub footprint likely has some exposed secrets, and worked their way through the Forbes AI 50 list to check that against leading AI companies, including big players like Anthropic and smaller startups.
Some didn't appear to use GitHub, but those that did were investigated by Wiz.
Leaks included keys that allowed access to insider data such as organizational members, which the researchers noted could be used by threat actors to target the company.
In another case, ElevenLabs API keys were listed in plaintext, which Wiz said suggested a relationship between vibe coding and leaking secrets.
Another company was leaking HuggingFace tokens in a deleted fork that allowed access to a thousand private models, as well as other data that revealed training details for private AI models.
One company had no public repositories and just 14 team members listed but still managed to leak sensitive data.
"Conversely, the company with the largest footprint without an exposed secret had 60 public repos and 28 organization members," researchers said.
What should companies do?
Wiz recommended companies run their own secret scans to ensure they aren't leaking such information, especially for anyone using a public Version Control System (VCS), but generally for all AI service providers.
"Too many shops leak their own API keys while 'eating their dogfood'," the researchers noted. "If your secret format is new, proactively engage vendors and the open source community to add support.
Wiz disclosed the leaks to all impacted companies, but in half of instances received no response or the message did not get through.
"Many lacked an official disclosure channel, failed to reply, and/or failed to resolve the issue," researchers said, calling for companies to ensure they have disclosure channels open and ready from day one.
"For AI innovators, the message is clear: speed cannot compromise security."
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
- AI security blunders have cyber professionals scrambling
- Some of the most popular open weight AI models show ‘profound susceptibility’ to jailbreak techniques
- Generative AI attacks are accelerating at an alarming rate
-
When cyber professionals go rogue: A former ‘ransomware negotiator’ has been charged amid claims they attacked and extorted businessesNews The attackers are alleged to have demanded ransoms of up to $10 million
-
CISA just published crucial new guidance on keeping Microsoft Exchange servers secureNews With a spate of attacks against Microsoft Exchange in recent years, CISA and the NSA have published crucial new guidance for organizations to shore up defenses.
-
US telco confirms hackers breached systems in stealthy state-backed cyber campaign – and remained undetected for nearly a yearNews The hackers remained undetected in the Ribbon Communications’ systems for months
-
Google says reports of a 'huge' Gmail breach affecting millions of users are false, againNews Reports of a major Gmail affecting millions of users have been flooding the web this week – Google says they're "false" and you've nothing to worry about.
-
Enterprises can’t keep a lid on surging cyber incident costsNews With increasing threats and continuing skills shortages, AI tools are becoming a necessity for some
-
Cyber researchers have already identified several big security vulnerabilities on OpenAI’s Atlas browserNews Security researchers have uncovered a Cross-Site Request Forgery (CSRF) attack and a prompt injection technique
-
CISA issues alert after botched Windows Server patch exposes critical flawNews A critical remote code execution flaw in Windows Server is being exploited in the wild, despite a previous 'fix'
-
Former NCSC head says the Jaguar Land Rover attack was the 'single most financially damaging cyber event ever to hit the UK' as impact laid bareNews Researchers said they place the UK financial impact of the attack on Jaguar Land Rover at around £1.9 billion.
