"A host of leading AI companies are leaking key data on GitHub and lack proper disclosure channels to even be notified of potential security problems. That's according to research by cloud security firm Wiz, which examined 50 AI companies and found that 65% had leaked "verified secrets" on GitHub. Wiz said that could include data like API keys, tokens and credentials, many of which were buried deep in "deleted forks, gists and developer repos"."
""Some of these leaks could have exposed organizational structures, training data, or even private models," Shay Berkovich, threat researcher at Wiz, and Rami McCarthy, principal security researcher at Wiz, said in a ."
Examination of 50 AI companies found 65% leaked verified secrets on GitHub. Leaked items included API keys, tokens, and credentials, many located in deleted forks, gists, and developer repositories. A large portion of companies lack proper vulnerability disclosure channels to be notified of potential security problems. Some leaks had the potential to expose organizational structures, training data, or private models. These exposures increase the risk of unauthorized access, theft or misuse of proprietary training material, and compromise of private model integrity. Stronger secret management and disclosure processes are needed to mitigate these risks.
Read at IT Pro
Unable to calculate read time
Collection
[
|
...
]