Subj : Leading AI companies keep leaking their own information on GitHub To : All From : TechnologyDaily Date : Tue Nov 11 2025 16:15:08 Leading AI companies keep leaking their own information on GitHub Date: Tue, 11 Nov 2025 16:04:00 +0000 Description: Of the leading 50 AI companies, 65% were found to be leaking data. FULL STORY ======================================================================Research ers find 65% of the Forbes top 50 AI companies are leaking secrets These come in the form of tokens, API keys, and sensitive credentials Wiz used a 'Depth, Perimeter, and Coverage' approach to spot leaks AI companies have had a pretty rocky history with cybersecurity and data privacy, and new research from Wiz shows this still hasnt improved. Looking at the Forbes top 50 leading AI companies as a benchmark, the experts uncovered nearly two-thirds (65%) of these top AI firms were leaking verified secrets on GitHub. These tokens, sensitive credentials, and API keys were found buried deep in places most researchers and scanners would never encounter, like deleted forks, developer repos, and gists. No reply Wiz says it used a Depth, Perimeter, and Coverage framework to approach these GitHub repositories, enabling them to access and search for new sources, to go further than the secrets on the surface for a deep scan that uncovers more than traditional searches. The Perimeter aspect of their research entailed expanding discovery to contributors and organiztion members, who can often inadvertently check company-related secrets into their own public repositories and gists. Coverage relates to new secret types often missed by traditional scanners, like Tavily, Langchain, Cohere, or Pinecone. Interestingly, when the researchers disclosed these leaks to the targets, almost half of these notifications either failed to reach them, received no response due to a lack of official notification channel, or the company failed to reply or solve the issue. The researchers recommend deploying secret scanning immediately as a non-negotiable defense - no matter what size your organization is. They also recommend prioritizing detection for their own secret types; too many shops leak their own API keys while "eating their dogfood." If your secret format is new, proactively engage vendors and the open source community to add support. Finally, they advise that companies prepare a dedicated channel for disclosure. Disclosure protocol is an essential security measure that can give your company a head-start on any vulnerabilities or leaks, so these channels can be a vital information sharing source. Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button! And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too. ====================================================================== Link to news story: https://www.techradar.com/pro/security/leading-ai-companies-keep-leaking-their -own-information-on-github --- Mystic BBS v1.12 A49 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .