10K Docker images spray live cloud creds across the internet

Docker Hub has quietly become a treasure trove of live cloud keys and credentials, with more than 10,000 public container images exposing sensitive secrets from over 100 companies, including a Fortune 500 firm and a major bank.

That's according to security watchers at Canadian cybersecurity firm Flare, which, in its analysis of Docker Hub images uploaded in November 2025, says it uncovered 10,456 containers leaking one or more secrets, many of which grant access to production systems, cloud services, CI/CD pipelines, and AI platforms. Almost half of the offending images contained five or more exposed values, meaning a single pull could hand an attacker enough keys to roam across critical infrastructure.

The exposed secrets aren't theoretical test tokens or placeholders: they include active credentials. The most common category detected was API keys for large language models and other AI services, with almost 4,000 model ...