
AI firms leaking secrets: Study finds GitHub leaks


A new study found that nearly two-thirds of the biggest AI companies—such as those on the Forbes AI 50 list, which includes companies like Perplexity and Anthropic—accidentally exposed private info on GitHub.
The leaks included things like API keys, tokens, credentials, and even secrets about how their AI works—stuff that could let outsiders poke around in private models or company systems.

Researchers even contacted companies about the leaks

Researchers tracked down employees through LinkedIn and GitHub, then dug into their public code history.
Sensitive info was often hidden in files like Jupyter Notebooks or Python scripts.
Some leaks gave access to thousands of private models and internal company details—definitely not what you want out there.

Companies need to take security seriously

While a few companies fixed their mistakes fast, almost half never replied to warnings about these leaks.
Many don't have strong security programs in place yet.
The researchers suggest companies start scanning for secrets automatically and get serious about handling security slip-ups before they cause real trouble.
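
As an added illustration (not code from the study or from any company it names), here is one way automated scanning can cover Jupyter Notebooks as well as Python scripts: it checks each notebook cell's saved output in addition to its source, since a printed credential stays in the committed file even when the code reads it from the environment. The three patterns and all sample values are constructed assumptions, not the researchers' rule set.

```python
import json
import re

# Illustrative rules (assumptions): two well-known token shapes plus a
# generic "name = 'long literal'" assignment.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "assigned_secret": re.compile(
        r"(?i)\b(?:api[_-]?key|token|secret|password)\b\s*[=:]\s*['\"][^'\"\s]{16,}['\"]"),
}

def scan_text(text, where):
    """Return (location, line number, rule) for every rule hit in text."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for rule, rx in PATTERNS.items():
            if rx.search(line):
                hits.append((where, lineno, rule))
    return hits

def _as_text(value):
    # The notebook format stores text as a string or as a list of lines.
    return "".join(value) if isinstance(value, list) else (value or "")

def scan_notebook(raw_json):
    """Scan both the source and the saved outputs of every cell in an .ipynb."""
    hits = []
    for i, cell in enumerate(json.loads(raw_json).get("cells", [])):
        hits += scan_text(_as_text(cell.get("source")), f"cell[{i}].source")
        for j, out in enumerate(cell.get("outputs", [])):
            # Stream output uses "text"; results use data["text/plain"].
            text = _as_text(out.get("text")) + "\n" + _as_text(
                out.get("data", {}).get("text/plain"))
            hits += scan_text(text, f"cell[{i}].outputs[{j}]")
    return hits

# Constructed sample: cell 0 reads its token from the environment but the
# printed value was saved with the notebook; cell 1 hardcodes a key.
FAKE_TOKEN = "ghp_" + "A" * 36  # constructed, not a real credential
SAMPLE = json.dumps({"cells": [
    {"cell_type": "code",
     "source": ["import os\n", "token = os.environ['SERVICE_TOKEN']\n", "print(token)"],
     "outputs": [{"output_type": "stream", "name": "stdout", "text": [FAKE_TOKEN + "\n"]}]},
    {"cell_type": "code", "source": 'API_KEY = "EXAMPLEexample0123456789"\n', "outputs": []},
]})

if __name__ == "__main__":
    for hit in scan_notebook(SAMPLE):
        print(hit)
```

Because the leaks were found in public code history, a match means the credential should be revoked and reissued, not only deleted from the latest commit.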