Cloud security giant Wiz recently performed an in-depth analysis of GitHub repositories associated with the world’s largest artificial intelligence companies and discovered widespread exposure of sensitive data. Their research, focusing on major players, revealed that a significant majority—specifically, 65% of the firms with a detectable GitHub footprint—had inadvertently leaked verified secrets. These exposures included critical credentials like API keys and tokens linked to services such as Google API, Hugging Face, Weights & Biases, and others.
The cumulative market value of the companies identified with these verified secret leaks was noted by Wiz to exceed $\$400$ billion, underscoring the financial gravity of the security lapse.Traditional methods for discovering leaked secrets often rely on GitHub’s native scanners, automated third-party tools, or scans performed by the repository owners themselves. However, for their “secrets sprawl” study, Wiz employed a much more aggressive and comprehensive scanning technique. The firm deliberately took a different approach by targeting areas frequently missed by standard checks, including the full commit history, the commit history on repository forks, deleted forks, workflow logs, and gists.
Furthermore, their scans were designed to identify less common AI-related secrets that might evade detection by conventional security tools.A crucial part of Wiz’s methodology involved extending their scrutiny beyond the core organizational repositories. They also examined the public repositories belonging to individual members and contributors of the core organization, recognizing that these individuals could unknowingly expose company secrets through their personal, publicly available code. This deep-dive approach was intended to catch secrets inadvertently exposed in side projects or personal contributions, which often connect back to the employer’s infrastructure.
This broader net helped them uncover the scale of the secret leaks across the industry.Upon completing the analysis, the impacted AI companies were promptly notified of the findings. While some firms, such as ElevenLabs and Langchain, were praised by Wiz for their rapid and effective response to the disclosure, the overall engagement was mixed.
The security firm reported difficulties in its disclosure process, noting that nearly half of its attempts to report the vulnerabilities either failed to reach the vendor or received no subsequent response. Wiz attributed this high rate of non-resolution to common issues such as a lack of official disclosure channels, a failure to reply to the report, or simply not resolving the exposed issue.Finally, Wiz’s findings highlighted the disparity in security practices across the industry. In one counterintuitive example, they found a company with no public repositories and only a dozen or so organization members that was actively leaking secrets.
Conversely, another organization with a substantial presence—featuring 60 public repositories and 28 members, was found to have no exposed secrets at all. Wiz suggested that this stark contrast demonstrates that the volume of public code is not the primary risk factor, but rather the effectiveness of an organization’s secrets management policies and their overall security posture.
Reference:
