What did the Wiz report reveal about secrets leaks in AI companies?

The Wiz report found that 65% of Forbes AI 50 companies leaked secrets such as API keys, model access tokens, and credentials across GitHub repos, forks, gists, SaaS systems, and development tools. These exposures often appeared in places teams don’t normally scan, like notebooks, logs, VS Code extensions, and support portals. This highlights the widespread and difficult-to-contain nature of secret sprawl in AI-driven organizations.

How does secret sprawl occur in AI development workflows?

Secret sprawl happens when credentials are scattered across various development and collaboration surfaces, including deleted forks, commit histories, gists, notebooks, logs, and SaaS platforms. AI-assisted coding and rapid experimentation cycles further increase the risk, as credentials can land in temporary files or tools with little governance.

What types of credentials are most commonly leaked in AI pipelines?

Commonly leaked credentials include API keys, model access tokens, authentication tokens for platforms like LangChain, HuggingFace, Weights & Biases, and vector databases. These can provide access to private model weights, training datasets, and internal organizational structures.

Why can't traditional scanning tools fully address secrets leaks in AI?

Traditional scanning tools often miss secrets hidden in commit histories, deleted forks, gists, notebooks, logs, and personal repositories. Attackers increasingly target these overlooked surfaces, while AI-driven development generates credentials at a velocity that legacy security models cannot track.

What is the "identity explosion" in AI environments?

AI-native companies generate non-human identities at unprecedented speed, with agents, workflows, and orchestration layers creating new access requirements for each run or task. This surge outpaces existing governance models, which are often designed for human identities and struggle to classify or track machine identities and their credentials.

What is secretless authentication and how does it help AI security?

Secretless authentication means AI agents authenticate with their native infrastructure identity, and Akeyless issues temporary credentials only at runtime. This eliminates API keys or tokens in code, prompts, or pipelines, reducing the risk of leaks and unauthorized access.

How does Akeyless enable privileged AI agent access?

Akeyless enables sensitive operations to run through monitored, zero-standing-privilege channels with full session visibility and termination capabilities. This ensures that AI agents only have access when needed and all actions are auditable.

What integrations does Akeyless offer for AI and DevOps workflows?

Akeyless offers integrations with VS Code, Cursor, GitHub Copilot, AWS IAM, Azure AD, Jenkins, Kubernetes, Terraform, and more. These integrations keep secrets out of developer workflows and enable secure, automated credential management. For a full list, visit Akeyless Integrations.

How does Akeyless support unified governance for humans, machines, and AI agents?

Akeyless provides a single control plane to manage identities and access for humans, machines, and AI agents. It offers complete auditability, zero-knowledge protection, and policy-driven access controls across hybrid and multi-cloud environments.

What are the main pain points Akeyless solves for AI-driven organizations?

Akeyless addresses secret sprawl, the Secret Zero Problem, standing privileges, integration challenges, and operational overhead. It centralizes secrets management, automates credential rotation, and enforces zero-trust access, reducing risk and improving efficiency.

How does Akeyless help prevent secrets leaks in AI pipelines and notebooks?

Akeyless eliminates the need for hardcoded secrets by issuing ephemeral, just-in-time credentials. This prevents secrets from appearing in code, notebooks, logs, and other surfaces where they could be leaked.

What is the role of ephemeral, just-in-time identities in AI security?

Ephemeral, just-in-time identities ensure that credentials exist only when needed and vanish after use. This minimizes the risk of leaks and unauthorized access, especially in dynamic AI environments where agents and workflows are constantly created and destroyed.

How does Akeyless integrate with popular AI development tools?

Akeyless integrates with VS Code, GitHub Copilot, and other AI development tools to keep secrets out of developer workflows. Developers and AI assistants can retrieve credentials securely through natural interactions, improving both security and productivity.

What is the impact of leaked credentials on AI companies?

Leaked credentials can provide access to private model weights, training datasets, internal system mappings, and enterprise-grade resources. In sectors where proprietary data and models are core assets, a single leaked secret can undermine years of R&D and expose organizations to significant risk.

How does Akeyless support compliance and auditability in AI environments?

Akeyless adheres to international standards like ISO 27001, SOC 2 Type II, FIPS 140-2, PCI DSS, CSA STAR, and DORA. It provides detailed audit logs and unified governance for all identities, supporting regulatory compliance and audit readiness.

What resources are available for learning about Akeyless's AI security solutions?

Akeyless offers solution briefs, technical documentation, tutorials, platform demos, and self-guided product tours. These resources help users understand and implement Akeyless's AI security solutions effectively.

What are the key features of the Akeyless platform?

Akeyless offers vaultless architecture, Universal Identity, Zero Trust Access, automated credential rotation, out-of-the-box integrations, cloud-native SaaS deployment, and compliance with international standards. These features enhance security, scalability, and operational efficiency.

Does Akeyless support API access and SDKs?

Yes, Akeyless provides an API for its platform and supports SDKs for Ruby, Python, and Node.js, enabling integration with custom workflows and automation.

What compliance certifications does Akeyless hold?

Akeyless holds SOC 2 Type II, ISO 27001, FIPS 140-2, PCI DSS, CSA STAR, and DORA compliance certifications, demonstrating its commitment to security and regulatory standards.

How does Akeyless automate credential rotation?

Akeyless automates credential rotation for secrets such as API keys, passwords, and certificates, ensuring they are always up-to-date and reducing the risk of breaches due to stale credentials.

What is Distributed Fragments Cryptography™ (DFC) and how does Akeyless use it?

Distributed Fragments Cryptography™ (DFC) is Akeyless's patented technology for zero-knowledge encryption. It ensures that no third party, including Akeyless, can access your secrets, providing maximum data privacy and security.

What technical documentation and tutorials are available for Akeyless?

Akeyless provides comprehensive technical documentation and step-by-step tutorials to assist users in understanding and implementing its solutions. These resources are available at Technical Docs and Tutorials.

Who can benefit from using Akeyless?

Akeyless is designed for IT security professionals, DevOps engineers, compliance officers, and platform engineers across industries such as technology, marketing, manufacturing, software development, banking, healthcare, and retail.

What business impact can customers expect from Akeyless?

Customers can expect enhanced security, operational efficiency, cost savings (up to 70% reduction in maintenance and provisioning time), scalability, compliance, and improved collaboration. Real-world case studies from Progress and Cimpress demonstrate these benefits.

How easy is it to implement and start using Akeyless?

Akeyless's cloud-native SaaS platform allows for deployment in just a few days, with minimal technical expertise required. Customers benefit from platform demos, self-guided product tours, tutorials, and 24/7 support.

Can you share specific customer success stories with Akeyless?

Yes. Wix enhanced security and operational efficiency with centralized secrets management. Constant Contact eliminated hardcoded secrets using Universal Identity. Cimpress achieved a 270% increase in user adoption after switching to Akeyless. Progress saved 70% of maintenance and provisioning time.

How does Akeyless compare to HashiCorp Vault?

Akeyless uses a vaultless architecture, eliminating the need for heavy infrastructure and reducing costs and complexity. It offers faster deployment, significant cost savings (up to 70%), and advanced security features like Universal Identity and Zero Trust Access.

How does Akeyless compare to AWS Secrets Manager?

Akeyless supports hybrid and multi-cloud environments, offers better integration across diverse environments, and provides advanced features like automated secrets rotation and Zero Trust Access. Its SaaS model is cost-effective and flexible.

How does Akeyless compare to CyberArk Conjur?

Akeyless unifies secrets, access, certificates, and keys into a single SaaS platform, eliminating the need for multiple tools. It streamlines operations, reduces costs and complexity, and integrates seamlessly with DevOps tools.

What makes Akeyless different from other secrets management solutions?

Akeyless stands out with its vaultless architecture, Universal Identity, Zero Trust Access, cloud-native SaaS deployment, cost efficiency, and seamless integrations. It addresses critical pain points more effectively than traditional solutions.

What technical requirements are needed to deploy Akeyless?

Akeyless is a cloud-native SaaS platform, requiring no heavy infrastructure. Deployment can be completed in just a few days, and minimal technical expertise is needed due to its intuitive interface and pre-configured workflows.

What support resources are available for Akeyless customers?

Akeyless offers 24/7 support, a Slack support channel, platform demos, product tours, tutorials, and technical documentation to assist customers during setup and ongoing use.

How do customers rate the ease of use of Akeyless?

Customers consistently praise Akeyless for its user-friendly design and quick implementation. Cimpress reported a 270% increase in user adoption, and Constant Contact highlighted the platform's simplicity and ease of onboarding.

What industries are represented in Akeyless's case studies?

Akeyless's case studies cover technology, marketing and communications, manufacturing, software development, banking and finance, healthcare, and retail.

When was this page last updated?

This page wast last updated on 12/12/2025 .

What the Wiz Report Reveals About AI Secrets (And Why Scanning Won't Fix It)

Posted by Suresh Sathyamurthy
November 26, 2025

Summary:

Wiz found that 65% of Forbes AI 50 companies leaked secrets across GitHub repos, forks, gists, SaaS systems, and development tools. These exposures included API keys, model access tokens, and credentials tied to core AI pipelines, often appearing in places teams don’t normally scan, like notebooks, logs, VS Code extensions, and support portals. The takeaway is clear: AI development introduces far more identities, tokens, and access paths than traditional security practices were designed to handle, making secret sprawl both widespread and difficult to contain. Akeyless addresses this by replacing static credentials with ephemeral, just-in-time access, so there are no secrets to leak in the first place.

Wiz recently published a report that found 65% of the Forbes AI 50 have leaked verified secrets on GitHub. API keys, authentication tokens, and credentials, lurking in repositories across some of the most valuable AI companies in the world. This confirms what many CISOs and security teams already suspected: traditional controls can’t keep pace with how AI-driven organizations generate and expose credentials.

But the headline number isn’t the biggest story. The real concern is where these secrets were hiding and what that reveals about how AI development actually works. This isn’t a case of a few careless startups pushing AWS keys to public repos. Wiz went deep into commit histories, deleted forks, workflow logs, gists, and the personal repositories of organizational contributors. The kinds of places most security scanners don’t reach, but attackers increasingly do.

What Wiz Found and Why It Matters

The Wiz findings extend beyond GitHub. When taken together with related research and recent breaches, it shows a pattern of leaked credentials across a sprawl of development and collaboration surfaces, including:

Deleted forks, commit histories, and gists: the dark corners of version control where attackers increasingly hunt but most scanners don’t
Developer ecosystems like VS Code extensions, where Wiz separately found over 550 leaked secrets across 500+ extensions, including keys for AI platforms
AI-assisted code, where research suggests repositories using Copilot leak secrets at higher rates, as AI-generated code quietly propagates plaintext credentials faster than humans can review
AI pipelines, where tokens for LangChain, HuggingFace, Weights & Biases, and vector databases leak into notebooks, logs, and orchestration code
Personal repositories, where well-meaning contributors accidentally check in company secrets with zero organizational visibility
SaaS platforms, as demonstrated in the recent Salesloft Drift breach, which eventually allowed attackers to harvest credentials from Salesforce support cases across 700+ organizations

The Real Problem Is the Secrets No One Knows To Look For

AI environments generate machine identities at a velocity that legacy security models were never designed to handle. Every new agent, notebook, connector, integration, or LLM-driven workflow creates another identity, another credential. Many of these are long-lived, over-privileged, and unmonitored. The result is constant drift, with secrets bleeding into places no one expects and few organizations monitor.

Wiz’s disclosure results highlighted the operational strain: nearly half of alerts didn’t reach the right contact or received no response at all. These are companies worth over $400 billion collectively. This isn’t about negligence; it’s a sign that the identity surface has grown faster than security operations can track.

In short, this isn’t a “GitHub leak” problem, it’s a secrets–everywhere problem.

So what do you actually do about it? We’ve distilled five takeaways from the Wiz findings that go beyond “scan more repos.”

Takeaway #1: Secret Sprawl Is Expanding Into Places Most Teams Never Check

The Wiz research makes one thing clear: secrets aren’t just leaking from the primary codebase. They’re surfacing across a long tail of development and collaboration surfaces that most organizations never examine.

Where secrets were found:

GitHub’s hidden surfaces: full commit histories, forks, deleted forks, workflow logs, contributor repos, and gists (lightweight shareable mini-repos with their own Git history and forks)
SaaS systems: For example, in the Salesloft-Drift breach mentioned earlier, attackers used stolen OAuth tokens from the Drift chatbot integration to access Salesforce customer support cases containing logs, credentials, and API tokens uploaded during troubleshooting
Peripheral AI tooling: credentials tied to model hosting, vector databases, and orchestration frameworks appeared in notebooks, configs, or scratch files far outside traditional scanning paths

This spread reflects a broader reality: as AI companies scale, their secrets don’t stay where they’re created. They move, replicate, and persist in places teams rarely think to monitor.

Takeaway #2: AI Development Environments Are High-Risk Surfaces

AI engineering stacks prioritize speed and autonomy. That’s the point. But it also means they generate secrets in places traditional DevSecOps workflows just weren’t designed to govern.

How AI development increases exposure:

AI-assisted coding: Generative tools create or modify configs, scripts, and scaffolding that sometimes include plaintext credentials or insecure patterns
IDE extensions as supply chain: A Wiz scan of the VS Code Marketplace and Open VSX Registry uncovered 550+ validated secrets embedded directly in extension packages, including AI-related tokens, all downloadable by anyone
Experimentation-driven workflows: Shared notebooks, sandbox repos, orchestrators, and rapid iteration cycles make it easy for credentials to land in temporary files, logs, or collaboration tools with no governance

As AI tooling becomes the new foundation of software development, these environments are turning into high-risk surfaces that rarely appear on traditional security dashboards.

Takeaway #3: These Leaks Carry Substantial Risk

It’s tempting to assume that most leaked credentials are low-impact: test keys, expired tokens, sandbox access. The Wiz findings suggest otherwise.

What leaked credentials could access:

Private model weights: One case uncovered a token granting access to internal AI model files, potentially enabling replication or theft.
Training datasets and pipelines: API keys tied to HuggingFace, vector databases, and LangChain frameworks provided access to sensitive datasets and inference parameters.
Internal organizational structures: According to the report, secrets exposed architectural details and system mappings, widening the attack surface.
Enterprise-grade access: Several of the leaked credentials weren’t personal developer tokens at all. They were organization-level keys with broad permissions.

In a sector where product value centers on proprietary data and models, a single leaked secret can undermine years of R&D.

Takeaway #4: The AI Identity Explosion Is Outpacing Existing Governance Models

AI-native companies are generating non-human identities at unprecedented speed, yet most governance frameworks still assume humans are the primary identity type. They don’t classify machine identities well. They don’t track the lifecycle of credentials tied to short-lived processes and weren’t designed for an environment where the identity population can double in a quarter.

What’s driving the identity surge:

Proliferating agents and workflows: AI agents and automated workflows are rapidly outnumbering human identities, creating new access requirements with each run or task
Service-to-service connections: Each agent-to-service connection (model endpoint, vector DB, embedding API, evaluation system) requires its own authentication material
Ephemeral components: Model orchestration frameworks generate short-lived experiments, artifacts, and pipeline stages, each with associated credentials or tokens
Gaps in traditional tooling: Conventional IAM tools don’t track or classify these machine identities, leaving large portions of the access ecosystem unmanaged

Credentials leak because they exist in volumes that exceed what current governance models can absorb. The sprawl isn’t a bug in developer behavior. It’s a feature of how AI systems operate.

Takeaway #5: Static Credentials Cannot Survive the AI Era

If there’s a single thread running through all of this research, it’s that static credentials and AI development are fundamentally incompatible. Traditional “rotate and scan” hygiene models cannot keep pace.

Why static secrets fail in AI environments:

Agents can leak their own secrets: AI agents can unintentionally reveal credentials when manipulated or through prompt injection, as demonstrated at Black Hat and referenced in multiple analyses
Secrets appear beyond source code: Credentials surface in logs, prompts, configs, and notebooks, making complete coverage through traditional scanning impossible
Volume accelerates drift: High-volume machine interactions mean every agent, workflow, or pipeline creates more credentials, compounding exposure over time
Broad API access is the norm: AI-native stacks depend on extensive API connectivity, increasing both the number and privilege level of tokens in circulation

The conclusion is hard to avoid. In AI-driven environments, any credential that persists long enough will eventually end up somewhere it shouldn’t.

What These Takeaways Reveal About the Real Challenge Ahead

Looked at individually, each takeaway from the Wiz report points to a specific failure mode: secrets ending up in unexpected places, high-risk development environments, exposed AI model access, and an identity population growing faster than governance can keep up.

Taken together, they reveal something deeper: AI companies don’t have a secrets problem. They have an identity problem.

AI agents, workflows, plugins, orchestration layers, and model endpoints now generate vast numbers of machine identities. Each one needs authentication. Each one produces new credentials. And each one creates new opportunities for drift. Secrets aren’t being leaked because developers are careless. They’re being leaked because AI systems create more identities, more access patterns, and more credentials than legacy processes were designed to control.

Traditional secrets-management strategies were built for stable infrastructure and predictable pipelines. AI is neither.

Secrets now appear in:

Notebooks, scratch files, and experiment artifacts
VS Code extensions and AI-assisted coding tools
SaaS platforms and support portals
Gists, forks, and personal repos
Model hosting endpoints and vector databases
Orchestration frameworks that spin up dynamic components

The velocity of change means any static credential, even a short-lived one, becomes a liability the moment it lands somewhere unexpected.

The path forward is not better scanning. It’s a new identity model, built around:

Secretless authentication
Ephemeral, just-in-time identities
Policy-driven access instead of long-lived keys
Governance that treats AI agents as first-class identities
Unified visibility across humans, machines, and autonomous systems

Akeyless: Identity Security Built for the AI Era

Addressing these challenges requires more than better scanning or developer training. It requires an identity architecture designed for environments where AI agents, workflows, and automation continuously create new access needs, and where any exposed credential can undermine core IP.

The Akeyless AI Agent Identity Security solution gives AI agents real, verifiable identities and replaces hardcoded keys with secretless, short-lived access that appears only at runtime and vanishes when the task ends. By removing long-lived credentials entirely, it prevents the kinds of leaks highlighted across the Wiz findings: not just in GitHub, but in notebooks, logs, extensions, and SaaS systems.

What this makes possible:

Secretless AI: No API keys or tokens in code, prompts, or pipelines. Agents authenticate with their native infrastructure identity, and Akeyless issues temporary credentials only when needed.
Real AI agent identities: Ephemeral, policy-controlled identities replace static secrets and authenticate securely across clouds, SaaS, and on-prem environments.
Privileged AI agent access: Sensitive operations run through monitored, zero-standing-privilege channels with full session visibility and termination capabilities.
Developer-first experience: Integrations with VS Code, Cursor, and GitHub Copilot keep secrets out of developer workflows entirely, allowing developers and AI assistants to retrieve credentials securely through natural interactions.
Unified governance: One control plane to manage humans, machines, and AI agents, with complete auditability and zero-knowledge protection.

Read the solution brief to learn more.

The Path Forward

The Wiz findings aren’t an indictment of any single company’s security practices. They’re a snapshot of a structural problem: AI systems produce more identities and access paths than legacy security models were built to handle. A few years ago, no one was checking VS Code extensions for leaked tokens. Nobody was scanning deleted forks or gists. They didn’t expect to find credentials in Salesforce support tickets or Jupyter notebooks. Now these are documented attack surfaces. And as AI teams scale, this spread only accelerates.

Akeyless makes it possible to move fast with AI while keeping secrets out of code, prompts, and tools by default. No keys to leak because no keys exist in the first place. To see Akeyless AI Agent Identity Security in action, request a demo today.

Table of Contents

Frequently Asked Questions

AI Secrets Management & Identity Security