HomeIntelligenceBrief
BREACH BRIEF🟠 High ThreatIntel

AI-Service Credential Leaks Surge 81% with 29M Secrets Exposed on Public GitHub

GitGuardian reports an 81 % jump in AI‑service credential leaks, with 29 million secrets now visible on public GitHub. The exposure spans major LLM providers and threatens enterprises that rely on third‑party AI APIs, creating a hidden vector for abuse and cost leakage.

LiveThreat™ Intelligence · 📅 March 17, 2026· 📰 hackread.com
🟠
Severity
High
TI
Type
ThreatIntel
🎯
Confidence
High
🏢
Affected
2 sector(s)
Actions
4 recommended
📰
Source
hackread.com

AI‑Service Credential Leaks Surge 81% as 29 Million Secrets Surface on Public GitHub

What Happened — GitGuardian’s monitoring platform recorded an 81 % increase in AI‑service credential leaks over the past quarter, with roughly 29 million secrets (API keys, tokens, and passwords) now visible in public GitHub repositories. The surge spans multiple AI providers, including large‑language‑model APIs and downstream tooling.

Why It Matters for TPRM

  • Exposed AI‑service keys can be abused to consume paid compute, steal proprietary data, or launch further attacks against your supply chain.
  • Third‑party AI integrations are increasingly embedded in enterprise workflows; compromised credentials create a hidden attack surface.
  • Traditional vendor assessments often overlook code‑base hygiene, making this a blind spot for many organizations.

Who Is Affected — Technology SaaS firms, cloud‑infrastructure providers, AI‑service vendors, and any enterprise that integrates external AI APIs into its products or internal tools.

Recommended Actions

  • Conduct an immediate audit of all public and internal code repositories for AI‑service credentials.
  • Enforce secret‑scanning tools (e.g., GitGuardian, TruffleHog) in CI/CD pipelines.
  • Rotate any discovered keys and implement short‑lived token policies.
  • Update third‑party risk questionnaires to include AI‑service secret management controls.

Technical Notes — The leaks stem from developers inadvertently committing API keys, OAuth tokens, and service‑account credentials to public GitHub repos. No specific CVE is involved; the issue is a widespread misconfiguration and lack of secret‑management hygiene. Affected data includes API keys for OpenAI, Anthropic, Cohere, and other AI platforms, as well as associated billing credentials. Source: HackRead

📰 Original Source
https://hackread.com/gitguardian-reports-an-81-surge-of-ai-service-leaks-as-29m-secrets-hit-public-github/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · PrivacyOps · CookiePLUS

Data exposure is where consent and DSAR readiness get tested.

When personal data leaks, regulators ask what consent you held and how fast you can answer a subject request. The Verisq AI Trust Operations platform, with CookiePLUS, keeps that posture audit-ready under GDPR and CCPA.

Explore the Verisq AI Trust Operations platform →