HomeLatest NewsCyber SecurityAI firms risk data exposure through leaked credentials on GitHub, says Keeper Security CISO

AI firms risk data exposure through leaked credentials on GitHub, says Keeper Security CISO

Keeper Security’s CISO warns that leaked credentials on GitHub expose AI companies to growing cybersecurity risks, stressing stronger visibility, control and identity management for machine-based access.

Preferred Source of Google

Leading artificial intelligence companies have been found leaking sensitive credentials on GitHub, underscoring the growing risk of unmanaged machine identities as AI and automation expand, according to , Chief Officer at Keeper .

Barney was responding to a recent by Wiz that identified exposed API keys, tokens and other programmatic secrets across major AI developers. He said such exposures reveal how quickly machine-to-machine connections can grow as development scales and automation deepens.

“Each of these credentials represents an access pathway that, if left unsecured, can expose sensitive systems or data,” Barney said. He noted that as organisations adopt AI and cloud-native development, the number of non-human accounts continues to increase, often beyond the reach of conventional identity and access management systems.

Advertisement
Digital Senate
Digital Senate
Digital Senate is a premier conference uniting government leaders, technologists and innovators to share ideas, success stories and strategies on digital governance, public sector transformation, cybersecurity and emerging technologies in India.
Register Now →
CIO Prism
CIO Prism
CIO Prism unites forward-thinking technology leaders to exchange transformative insights, shape digital strategies, and foster innovation, empowering enterprises to excel in an era of rapid technological change.
Register Now →

Barney said that when visibility into machine-based credentials is limited, risk spreads quietly across otherwise well-protected systems. He called for sustained visibility and control through enterprise-wide secrets management, continuous monitoring and automated credential rotation.

“Reducing that risk requires continuous oversight and least-privilege access policies that contain exposure without slowing innovation,” he said. “Treating machine-based credentials with the same rigour applied to human users strengthens both resilience and operational trust.”

He added that combining Privileged Access Management with secrets management could further improve governance by enforcing strict access boundaries and accountability for elevated permissions.

Advertisement

“The Wiz findings serve as a reminder that as technology becomes more intelligent and interconnected, security must advance at the same pace,” Barney said. “The fundamentals still apply: know what identities exist, understand what they can access and ensure those privileges are tightly governed.”

Get the day's headlines from Tech Observer straight in your inbox

By subscribing you agree to our Privacy Policy, T&C and consent to receive newsletters and other important communications.
Tech Observer Desk
Tech Observer Desk
Tech Observer Desk at TechObserver.in is a team of technology reporters led by a senior editor who brings latest updates and developments from the world of technology.
- Advertisement -
Powered By Veeam Logo
- Advertisement -

Subscribe to our Newsletter

By subscribing you agree to our Privacy Policy, T&C and consent to receive newsletters and other important communications.
- Advertisement -

Veeam, DSCI sign MoU to build cyber workforce ahead of DPDP deadline

Veeam Software and DSCI have signed an MoU to train cybersecurity professionals and prepare Indian enterprises for the DPDP Act, which takes full effect in May 2027.

RELATED ARTICLES