GitHub is awash with leaked AI company secrets – API keys, tokens, and credentials were all found out in the open
Wiz research suggests AI leaders need to clean up their act when it comes to secrets leaking
A host of leading AI companies are leaking key data on GitHub and lack proper disclosure channels to even be notified of potential security problems.
That's according to research by cloud security firm Wiz, which examined 50 AI companies and found that 65% had leaked "verified secrets" on GitHub. Wiz said that could include data like API keys, tokens and credentials, many of which were buried deep in "deleted forks, gists and developer repos".
"Some of these leaks could have exposed organizational structures, training data, or even private models," Shay Berkovich, threat researcher at Wiz, and Rami McCarthy, principal security researcher at Wiz, said in a blog post.
The Wiz research follows a report earlier this year from Palo Alto Networks that showed data loss issues pinned on generative AI had more than doubled in early 2025, with AI data security incidents accounting for 14% of such problems across all software-as-a-service traffic.
Separate research last month suggested that AI coding tools are wreaking havoc themselves, with one-in-five CISOs saying they've suffered a major incident due to AI code. Such reports highlight the security risks posed by AI.
GitHub is a goldmine for threat actors
The Wiz researchers said they worked from the assumption that any big company with a large GitHub footprint likely has some exposed secrets, and worked their way through the Forbes AI 50 list to check that against leading AI companies, including big players like Anthropic and smaller startups.
Some didn't appear to use GitHub, but those that did were investigated by Wiz.
Leaks included keys that allowed access to insider data such as organizational members, which the researchers noted could be used by threat actors to target the company.
In another case, ElevenLabs API keys were listed in plaintext, which Wiz said suggested a relationship between vibe coding and leaking secrets.
Another company was leaking HuggingFace tokens in a deleted fork that allowed access to a thousand private models, as well as other data that revealed training details for private AI models.
One company had no public repositories and just 14 team members listed but still managed to leak sensitive data.
"Conversely, the company with the largest footprint without an exposed secret had 60 public repos and 28 organization members," researchers said.
What should companies do?
Wiz recommended companies run their own secret scans to ensure they aren't leaking such information, especially for anyone using a public Version Control System (VCS), but generally for all AI service providers.
"Too many shops leak their own API keys while 'eating their dogfood'," the researchers noted. "If your secret format is new, proactively engage vendors and the open source community to add support."
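One way to run such a scan over a repository's full history, as an added example that is not from Wiz or the original article: it parses `git log -p` output and reports matches on removed lines as well as added ones, since a secret deleted in a later commit remains readable in history. The rule shapes are assumptions (`hf_` plus 34 alphanumerics is an assumed format, and `acme_sk_` is a hypothetical new format added as a custom rule); the sample log and tokens are constructed.

```python
import math
import re
from collections import Counter

# Illustrative rules, not vendor specifications: the hf_ shape is an assumed
# format, and "acme_sk_" is a hypothetical in-house format added as a rule.
RULES = {
    "huggingface-token": re.compile(r"\bhf_([A-Za-z0-9]{34})\b"),
    "acme-api-key": re.compile(r"\bacme_sk_([0-9a-f]{24})\b"),
}
MIN_ENTROPY = 3.0  # bits per character; drops placeholders such as xxxx...

def entropy(s):
    """Shannon entropy of s in bits per character."""
    return -sum(n / len(s) * math.log2(n / len(s)) for n in Counter(s).values())

def scan_log(patch_text):
    """Scan `git log -p` output; return (commit, path, sign, rule) tuples."""
    findings, commit, path, in_hunk = [], None, None, False
    for line in patch_text.splitlines():
        if line.startswith("commit "):
            commit, in_hunk = line.split()[1][:7], False
        elif line.startswith("diff --git "):
            in_hunk = False
        elif line.startswith("@@"):
            in_hunk = True
        elif not in_hunk and line.startswith(("--- ", "+++ ")):
            if line[4:] != "/dev/null":
                path = line[6:]  # drop the "a/" or "b/" prefix
        elif in_hunk and line.startswith(("+", "-")):
            # '-' lines count too: the secret is gone from HEAD, not history
            for rule, rx in RULES.items():
                for m in rx.finditer(line):
                    if entropy(m.group(1)) >= MIN_ENTROPY:
                        findings.append((commit, path, line[0], rule))
    return findings

FAKE_HF = "hf_" + ("Ab3dE5gH7j" * 4)[:34]  # constructed, not a real token
PLACEHOLDER = "hf_" + "x" * 34  # low entropy, should be ignored
SAMPLE_LOG = (  # constructed `git log -p` output, newest commit first
    "commit 2222222222222222222222222222222222222222\n"
    "diff --git a/client.py b/client.py\n--- a/client.py\n+++ b/client.py\n"
    "@@ -1,2 +1,2 @@\n import os\n"
    f'-HF_TOKEN = "{FAKE_HF}"\n+HF_TOKEN = os.environ["HF_TOKEN"]\n'
    "commit 1111111111111111111111111111111111111111\n"
    "diff --git a/client.py b/client.py\n--- /dev/null\n+++ b/client.py\n"
    f'@@ -0,0 +1,3 @@\n+import os\n+HF_TOKEN = "{FAKE_HF}"\n'
    f'+DOC = "{PLACEHOLDER}"\n'
)
```

On a real repository, pass it the output of `git log -p --all`. That covers every commit reachable from a local ref, so forks and gists hosted elsewhere need to be cloned and scanned separately.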
Wiz disclosed the leaks to all impacted companies, but in half of instances received no response or the message did not get through.
"Many lacked an official disclosure channel, failed to reply, and/or failed to resolve the issue," researchers said, calling for companies to ensure they have disclosure channels open and ready from day one.
"For AI innovators, the message is clear: speed cannot compromise security."
Freelance journalist Nicole Kobie first started writing for ITPro in 2007, with bylines in New Scientist, Wired, PC Pro and many more.
Nicole is the author of a book about the history of technology, The Long History of the Future.

