65% of Top AI Firms Found Exposing Verified API Keys and Tokens on GitHub
A comprehensive security analysis has uncovered a troubling reality: 65% of leading AI companies have leaked verified secrets on GitHub, exposing critical API keys, authentication tokens, and sensitive credentials that could compromise their entire organizations.
Researchers examined 50 prominent AI companies from the Forbes AI 50 list and discovered that nearly two-thirds had exposed verified secrets. These leaks weren’t confined to prominent locations either.
Hidden deep within deleted repository forks, gists, and developer repositories, many exposures escaped traditional scanning tools.
The affected companies have a combined valuation of over $400 billion, underscoring the widespread nature of this vulnerability.
The Anatomy of Modern Secret Leaks
Today’s secret leaks operate like an iceberg. On the surface lies the obvious risk: credentials committed directly to active repositories.
Beneath the surface, however, lies a deeper layer of exposure. Deleted forks retain their full commit history, making old secrets permanently accessible.
Workflow logs ...
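The claim that a credential removed from the current files is still present in commit history can be checked locally. The script below is an added example, not code from the article or the researchers; the key, the pattern and the function names are constructed for illustration, and it works on a throwaway local repository rather than on GitHub forks.

```shell
#!/bin/sh
# Constructed demo: a secret deleted from HEAD is still present in history.
# FAKE_KEY is a made-up placeholder, not a real credential format or value.
FAKE_KEY='sk-test-CONSTRUCTED0000000000000000'
PATTERN='sk-test-[A-Z0-9]{20,}'

make_demo_repo() {
    # Throwaway repo: commit 1 leaks the key, commit 2 "removes" it.
    repo=$(mktemp -d) || return 1
    (
        cd "$repo" || exit 1
        git init -q .
        git config user.email demo@example.invalid
        git config user.name demo
        git config commit.gpgsign false
        printf 'API_KEY=%s\n' "$FAKE_KEY" > config.env
        git add config.env && git commit -q -m 'add config'
        printf 'API_KEY=\n' > config.env
        git commit -q -am 'remove key'
    ) >/dev/null 2>&1 || return 1
    printf '%s\n' "$repo"
}

scan_worktree() {
    # Surface scan: number of checked-out files that match the pattern.
    grep -rlE --exclude-dir=.git "$PATTERN" "$1" 2>/dev/null | wc -l | tr -d ' '
}

scan_history() {
    # History scan: number of commits (reachable from any ref) whose tree matches.
    for c in $(git -C "$1" rev-list --all); do
        if git -C "$1" grep -qE "$PATTERN" "$c" --; then echo "$c"; fi
    done | wc -l | tr -d ' '
}

# Stand-alone run: compare what each scan sees, then clean up.
demo=$(make_demo_repo) && {
    echo "worktree hits: $(scan_worktree "$demo")"
    echo "history hits:  $(scan_history "$demo")"
    rm -rf "$demo"
}
```

A hit that appears only in the history scan means the credential should be treated as exposed and rotated; deleting the file in a later commit does not undo the leak.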
Copyright of this story solely belongs to gbhackers.

