65% of Top AI Firms Found Exposing Verified API Keys and Tokens on GitHub


A comprehensive security analysis has uncovered a troubling reality: 65% of leading AI companies have leaked verified secrets on GitHub, exposing critical API keys, authentication tokens, and sensitive credentials that could compromise their entire organizations.

Researchers examined 50 prominent AI companies from the Forbes AI 50 list and discovered that nearly two-thirds had exposed verified secrets. These leaks weren’t confined to prominent locations either.

Hidden deep within deleted repository forks, gists, and developer repositories, many exposures escaped traditional scanning tools.

The affected companies have a combined valuation of over $400 billion, underscoring the widespread nature of this vulnerability.

The Anatomy of Modern Secret Leaks

Today’s secret leaks operate like an iceberg. On the surface lies the obvious risk: credentials committed directly to active repositories.

Beneath the surface, however, lies a deeper layer of exposure. Deleted forks retain their full commit history, making old secrets permanently accessible.

Workflow logs contain credentials used during automated deployments. Personal repositories of developers employed at AI firms often harbor organizational secrets accidentally committed and forgotten.

This layered exposure creates multiple attack vectors that conventional scanners miss.

The research methodology expanded far beyond standard GitHub organization searches, investigating commit histories across forked repositories, deleted forks, workflow configurations, and even personal developer accounts that showed connections to target companies.

The leaked credentials represented some of the most valuable assets in AI companies’ infrastructures.

WeightsAndBiases tokens exposed training data for private machine learning models. HuggingFace authentication tokens granted access to thousands of private model repositories.

ElevenLabs API keys and LangChain organization credentials provided gateway access to proprietary systems and sensitive organizational information.

Beyond immediate functional compromises, these leaks revealed organizational structures, member lists, and internal relationships that threat actors consider highly valuable for targeting and social engineering attacks.

In one notable case, a deleted fork containing a HuggingFace token provided access to approximately 1,000 private models, along with multiple WeightsAndBiases keys that exposed training datasets for numerous proprietary systems.

The research revealed an encouraging detail: companies could prevent these exposures. One AI firm maintained 60 public repositories and 28 organization members without a single exposed secret, suggesting that solid secrets management strategies genuinely work.

Even companies with minimal public footprints experienced leaks, proving that exposure is not inevitable with scale.

Industry leaders like LangChain and ElevenLabs acknowledged and promptly fixed disclosed vulnerabilities. However, the overall disclosure landscape remains challenging.

Nearly half of the reported leaks either failed to reach their targets or received no response. Many companies lacked official disclosure channels or ignored security reports.

Organizations racing to lead the AI revolution need to implement three critical security measures immediately.

First, deploy mandatory secret scanning across all public version control systems now. This is non-negotiable, regardless of organization size or repository count.

Second, establish proper disclosure channels and response procedures from the beginning. Young AI startups must treat security programs as foundational elements rather than afterthoughts.

Third, AI service providers must work with the broader security community to ensure detection tools support emerging, proprietary secret formats before those formats proliferate across thousands of repositories.
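To illustrate the first and third measures, the following Python sketch is an added example, not code from the researchers or any vendor. It scans `git log -p` output so that a credential removed in a later commit is still reported, and new secret formats are added as entries in `RULES`. Both rules are assumed, approximate formats, and the sample log and its token are constructed.

```python
import re
import subprocess

# Assumed, approximate rules for illustration; add a vendor's format here as it emerges.
RULES = {
    "huggingface-token": re.compile(r"\bhf_[A-Za-z0-9]{30,}\b"),
    "generic-assignment": re.compile(
        r"(?i)\b(?:api[_-]?key|secret|token)\b\s*[:=]\s*['\"]([A-Za-z0-9_\-]{20,})['\"]"),
}

# Constructed sample: the newest commit removes a token that an older commit added.
SAMPLE_LOG = """\
commit 2222222222222222222222222222222222222222
--- a/train/config.env
+++ b/train/config.env
@@ -1,2 +1,2 @@
 PROJECT=demo
-HF_TOKEN=hf_CONSTRUCTEDexampleTOKEN0000000000000000
+HF_TOKEN=${HF_TOKEN}
commit 1111111111111111111111111111111111111111
--- /dev/null
+++ b/train/config.env
@@ -0,0 +1,2 @@
+PROJECT=demo
+HF_TOKEN=hf_CONSTRUCTEDexampleTOKEN0000000000000000
"""

def redact(value):
    return value[:6] + "*" * (len(value) - 6)  # never write the full secret to a report

def scan_patch_stream(lines):
    """Report secrets on the added lines of every commit in `git log -p` output."""
    findings, commit, path = [], None, None
    for line in lines:
        if line.startswith("commit "):
            commit = line.split()[1]
        elif line.startswith("+++ "):
            path = re.sub(r"^b/", "", line[4:].strip())
        elif line.startswith("+"):
            for rule, rx in RULES.items():
                for m in rx.finditer(line[1:]):
                    findings.append((commit, path, rule, redact(m.group(m.lastindex or 0))))
    return findings

def scan_repo(repo_dir):
    """Scan the history of every ref in a local clone, not just the checked-out tree."""
    cmd = ["git", "-C", repo_dir, "log", "--all", "-p", "--no-color", "--format=commit %H"]
    out = subprocess.run(cmd, capture_output=True, text=True, errors="replace", check=True).stdout
    return scan_patch_stream(out.splitlines())
```

`scan_repo` only sees refs present in the local clone; commits that survive only in deleted forks, gists or workflow logs, as described above, have to be collected separately before they can be scanned.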

The future of AI depends on speed and innovation. But that future becomes worthless if the innovations themselves become compromised. For AI companies everywhere, securing secrets must keep pace with advancing capabilities.
