AI firms risk data exposure through leaked credentials on GitHub, says Keeper Security CISO

Leading artificial intelligence companies have been found leaking sensitive credentials on GitHub, underscoring the growing risk of unmanaged machine identities as AI and automation expand, according to Shane Barney, Chief Information Security Officer at Keeper Security.

Barney was responding to a recent report by Wiz that identified exposed API keys, tokens and other programmatic secrets across major AI developers. He said such exposures reveal how quickly machine-to-machine connections can grow as development scales and automation deepens.

“Each of these credentials represents an access pathway that, if left unsecured, can expose sensitive systems or data,” Barney said. He noted that as organisations adopt AI and cloud-native development, the number of non-human accounts continues to increase, often beyond the reach of conventional identity and access management systems.

Advertisement

‹

EVENT

Saksham Bharat 2026

A multi-stakeholder dialogue on skilling gap in Cybersecurity, Data Resilience and AI — and the roadmap to a Saksham Bharat.

📅 Tue, 26 May 2026

📍 Mumbai, Bengaluru, Delhi

Register Now →

EVENT

VeeamON 2026 Tour India - Mumbai

A VeeamON 2026 India Leadership Series Mumbai for senior public sector and government technology leaders.

📅 Tue, 26 May 2026

📍 Grand Hyatt, BKC

Register Now →

EVENT

Cyber Surakshit Uttar Pradesh

Find out strategies, frameworks and solutions for building a resilient and secure digital ecosystem across Uttar Pradesh.

📅 Thu, 28 May 2026

📍 Lucknow

Register Now →

EVENT

VeeamON 2026 Tour India - Bengaluru

A VeeamON 2026 India Leadership Series Bengaluru for senior public sector and government technology leaders.

📅 Wed, 03 Jun 2026

📍 JW Marriott Hotel

Register Now →

EVENT

VeeamON 2026 Tour India - Delhi

A VeeamON 2026 India Leadership Series Delhi for senior public sector and government technology leaders.

📅 Fri, 19 Jun 2026

📍 Shangri-La Eros

Register Now →

EVENT

Infosec Reimagined

Infosec Reimagined 2026 is the premier information security summit where top leaders—CISOs, CROs, CIOs, CTOs and risk executives—converge to redefine cyber resilience.

📅 Fri, 26 Jun 2026

📍 New Delhi

Register Now →

EVENT

Digital Senate

Digital Senate is a premier conference uniting government leaders, technologists and innovators to share ideas, success stories and strategies on digital governance, public sector transformation, cybersecurity and emerging technologies in India.

📅 Thu, 30 Jul 2026

📍 New Delhi

Register Now →

EVENT

CIO Prism

CIO Prism unites forward-thinking technology leaders to exchange transformative insights, shape digital strategies, and foster innovation, empowering enterprises to excel in an era of rapid technological change.

📅 Fri, 18 Sep 2026

📍 Goa

Register Now →

›

Barney said that when visibility into machine-based credentials is limited, risk spreads quietly across otherwise well-protected systems. He called for sustained visibility and control through enterprise-wide secrets management, continuous monitoring and automated credential rotation.

“Reducing that risk requires continuous oversight and least-privilege access policies that contain exposure without slowing innovation,” he said. “Treating machine-based credentials with the same rigour applied to human users strengthens both resilience and operational trust.”

He added that combining Privileged Access Management with secrets management could further improve governance by enforcing strict access boundaries and accountability for elevated permissions.

“The Wiz findings serve as a reminder that as technology becomes more intelligent and interconnected, security must advance at the same pace,” Barney said. “The fundamentals still apply: know what identities exist, understand what they can access and ensure those privileges are tightly governed.”