65% of leading AI firms found leaking secrets on GitHub

Author

Taylor Hawes
November 14, 2025

⚡ Weekend Threat Brief

65% of leading AI firms found leaking secrets on GitHub

A study by Wiz Security revealed that 65% of leading AI-firms had verified leaks of sensitive credentials (API keys, tokens, training-data access) on GitHub—including deleted forks and personal developer repos. These leaks expose core assets such as private models, organizational structures and critical tooling. 

The research highlights three dimensions: 

  • ‘depth’ (history and deleted forks)

  • ‘perimeter’ (developer personal repos) 

  • ‘coverage’ (tokens tied to AI-specific platforms such as LangChain, Weights & Biases and ElevenLabs).

Takeaway: For organizations in the AI space this means the risk is no longer just a gap in traditional development hygiene—it is about embedded secrets across collaboration platforms and development workflows. Mitigations recommended include full secret-scanning of public repos, oversight of developers’ personal accounts tagged to work assets, and token-specific detection policies.

🎯 Tactical Playbook

The United States must step up its efforts to counter cyber-threats posed by the group of states known as “CRINK”

This argument emphasises that these states not only pose separate threats but increasingly coordinate operations, targeting infrastructure, supply chains, and digital ecosystems in allied nations. The 2024 U.S. Intelligence Community assessment highlighted this growing collaboration. 

From a tactical viewpoint for enterprise and government risk professionals, key take-aways include: raising awareness of threat actor collaboration rather than viewing each adversary in isolation; assessing supply-chain exposure with a broader geopolitical lens; and aligning defensive frameworks (e.g., NIST Cybersecurity Framework) to account for cross-domain attacks rather than siloed cyber incidents. 

Tactical tip: Review cyber-posture not just for known adversaries but for coordinated state-sponsored threat groups, strengthen incident response plans for multi-vector campaigns, and integrate intelligence updates into board-level risk governance.

🛡️ Research Watch

CISA flags active exploitation of critical Cisco firewall flaws – agencies urged to patch now

The Cybersecurity and Infrastructure Security Agency (CISA) has warned that two critical flaws in Cisco Adaptive Security Appliance (ASA) software are under active exploitation within U.S. federal agencies.

The advisory notes that the vulnerabilities have been exploited by an “advanced” threat actor since September, prompting an emergency directive requiring affected agencies to patch or mitigate. Some agencies, however, remain unpatched and therefore exposed.

For enterprise risk and compliance professionals this finding demands immediate attention: firewall infrastructure remains a critical control layer, and active exploitation highlights the need to verify patch status, review firewall logs for unusual access, and validate that compensating controls (segmentation, monitoring) are in place if patching is delayed.

🧩 Tool Tip of the Week

How to get maximum value from Domotz’s ping, latency and packet-loss visibility

Domotz stands out for its Ping-based visibility and device-monitoring features. It offers full-site network discovery, historical ping data, internet path and route monitoring, and integration with alerts. Specifically, the tool allows administrators to run ping bursts or scheduled pings across devices, store historical responsiveness data for trend analysis, and integrate custom scripts for monitoring workflows. 

For a corporate-IT audience responsible for network operations and performance monitoring, this means you can use Domotz to detect device outages and track degradation in responsiveness, abnormal latency surges, or packet-loss trends that might signal deeper network-path issues.

Implementation tip: Begin by setting up the Domotz agent on a representative server within each site, enable ping-monitoring for key infrastructure (firewalls, core switches, WAN routers), define alert thresholds (e.g., latency >100 ms, packet-loss >2 %), and review historical results weekly to surface creeping degradation before outages occur.

🗣️ Community Signal

I will say we are talking about cybersecurity a whole lot more than we were three to four years ago, primarily because the healthcare sector has become such a big, rich, juicy target. It's as if they moved on from the financial services sector. Willie Sutton robbed banks because that is where the money is; they did that with mouse clicks on the financial sector but, now they are doing it on the healthcare sector. Greg Garcia, Executive Director for Cybersecurity of the Health Sector Coordinating Council.

🗳️ Your Take - The Results

Growing regulatory demand seems to be the defining aspect for 2026’s cyber defense strategy.

Advertise with Comparitech
Does your business offer services or products in cybersecurity? Get your product seen by IT leaders and professionals.

Advertise with us →

Until Monday’s edition - Let’s keep that zero-day count at zero!