#secret-leakage
#secret-leakage

[ follow ]

Traditional Security Frameworks Leave Organizations Exposed to AI-Specific Attack Vectors

Traditional security frameworks are inadequate for AI-specific threats, enabling large-scale secret leaks despite compliance and audits.

fromTheregister

1 month ago

AI companies keep publishing private API keys to GitHub

"Some of these leaks could have exposed organizational structures, training data, or even private models," said Wiz threat researchers Shay Berkovich and Rami McCarthy in a blog post. The secrets consist of API keys, tokens, and other digital credentials that are supposed to be kept out of code commits to git repos. But as the security biz noted last month, developers of VS Code extensions keep making their secrets known, a problem that McCarthy has attributed in part to vibe coding.

Information security

fromInfoWorld

2 months ago

Threat actors are spreading malicious extensions via VS marketplaces

Over 500 Visual Studio extensions contained exposed access tokens and secrets, enabling potential exploitation across thousands of installs due to bundled dotfiles and hardcoded credentials.

Information security

fromTheregister

2 months ago

Devs of VS Code extensions are leaking secrets en masse

VS Code extensions frequently expose sensitive secrets, enabling potential large-scale supply chain attacks.

[ Load more ]

#secret-leakage#secret-leakage

Traditional Security Frameworks Leave Organizations Exposed to AI-Specific Attack Vectors

AI companies keep publishing private API keys to GitHub

Threat actors are spreading malicious extensions via VS marketplaces

Devs of VS Code extensions are leaking secrets en masse

#secret-leakage
#secret-leakage