What we are witnessing is not a series of isolated incidents, but a systemic crisis of negligence. As organisations stampede towards integrating AI into every conceivable product, they are building towering structures on quicksand. The speed of development has completely outpaced security discipline, creating a debt that is about to be called in. This isn’t a future problem. It’s a now problem, and the scale of it is staggering.
A House of Cards Worth Billions
If you wanted a single report to send a chill down the spine of every CISO and board member in the country, the recent Wiz research is it. The findings are not just concerning; they are a klaxon sounding across the entire industry. Wiz researchers analysed 50 of the world’s leading AI-native companies and what they found was a security posture that can only be described as shockingly amateurish.
According to their investigation, a jaw-dropping 65 percent of these firms had leaked sensitive credentials, like API keys and tokens, directly onto public GitHub repositories. Let that sink in. These aren’t minor players; the companies implicated in the research have a combined valuation of over $400 billion. We’re talking about organisations like LangChain, ElevenLabs, HuggingFace, and WeightsAndBiases—the very plumbing of the modern AI ecosystem. It seems the race to innovate has left basic security hygiene in the dust.
Leaking an API key is the digital equivalent of mailing the keys to your entire corporate kingdom to a random address and hoping for the best. Glyn Morgan, a researcher at Wiz, rightly pointed out, “When AI firms accidentally expose their API keys they lay bare a glaring avoidable security failure”. In one instance, a single exposed token discovered by Wiz granted access to approximately 1,000 private models. This isn’t just about intellectual property theft; it’s about giving unknown actors the ability to manipulate models, access proprietary training data, and potentially poison the well for thousands of downstream customers. The potential for catastrophic failure here is immense.
The Deafening Silence of Disclosure
Perhaps more disturbing than the initial vulnerabilities themselves is the black hole of communication that follows. The Wiz report documents a dismal state of disclosure failures. When a white-hat hacker or a security firm finds a vulnerability, there is a standard, ethical protocol for disclosing it to the company so they can fix it before it is exploited. This is the responsible thing to do. So, what happens when you try to tell a multi-billion dollar AI company its digital crown jewels are exposed?
Apparently, not much.
The Wiz team found that in nearly half of their disclosure attempts, they either failed to reach the right contact or simply received no response at all. This indicates a profound lack of security maturity. A truly mature organisation has clear, accessible channels for security reports—like a .well-known/security.txt file or a dedicated email address—and a team empowered to act on them. The silence from these AI firms suggests they have neither. They are flying a multi-billion dollar aircraft without an air traffic control system, completely deaf to warnings that their engines are on fire.
This isn’t just bad practice; it’s a cultural rot. It says that security is not a priority. It is an afterthought, a nuisance to be dealt with later, if at all. This attitude practically invites malicious actors to exploit these weaknesses, knowing that the chances of being caught, or even of their activity being noticed, are slim to none.
The Illusion of Security Maturity
‘Security maturity’ is more than just a buzzword; it is a measure of an organisation’s ability to manage and mitigate risk proactively. A mature organisation integrates security into its development lifecycle from day one. An immature one bolts it on at the end, or worse, waits for a breach to happen before taking it seriously. The Wiz report makes it painfully clear that a huge swathe of the AI industry is stuck in the latter camp.
Many of these companies are likely running traditional security scans, ticking a box for compliance and assuming they are safe. However, the research published by Artificial Intelligence News on the Wiz findings shows that these old methods are no longer fit for purpose. They are designed for a world of static applications, not the sprawling, dynamic, and interconnected world of AI development. Secrets and keys can be buried deep within configuration files, developer notebooks, or transient cloud environments—places traditional scanners simply do not look.
This reliance on outdated tools creates a false sense of security. Boards and executives see a clean security report and assume all is well, while critical secrets are bleeding out onto the public internet. Building a truly mature security posture for AI means rethinking the entire approach. It requires a mindset shift, from a reactive, checklist-based mentality to a proactive, adversarial one, where you are constantly hunting for your own weaknesses before someone else does.
Your AI is Only as Secure as Its Weakest Partner
The modern AI stack is not a monolith. It’s a complex ecosystem of models, platforms, libraries, and APIs, all stitched together. This creates an enormous surface area for an attack, and a significant portion of that is third-party risk. When you integrate a model from Hugging Face or use a tool from LangChain, you are implicitly trusting their security practices. You are tethering your organisation’s fate to theirs.
If a vendor you rely on experiences a breach, that breach becomes your problem. The credentials leaked by one of Wiz’s targets could have belonged to a partner, giving an attacker a foothold not just in the AI firm itself, but in every company that partner served. This is the insidious nature of supply chain risk. It multiplies the potential impact of a single security failure exponentially.
Organisations can no longer afford to take their vendors’ security claims at face value. A rigorous vendor security assessment is non-negotiable. This means asking hard questions:
* What are your policies for secret management and version control?
* Can you show us evidence of your security testing protocols?
* What is your process for handling security disclosures?
If a potential AI partner cannot provide clear, confident answers to these questions, walking away might be the most secure decision you can make. The convenience of a new AI tool is not worth the risk of a company-ending breach.
A New Dimension for AI Security
So, what is the way forward? Simply telling developers to “be more careful” is a losing strategy. The pressure to ship code quickly is immense, and human error is inevitable. According to the analysis by Wiz, what is needed is a fundamental change in how we find and fix these issues. They propose a three-dimensional security scanning approach that addresses the unique challenges of the AI development landscape.
1. Depth: Security tools must go deeper than surface-level scans. They need to parse developer notebooks, configuration files, and infrastructure-as-code templates—the places where secrets are most likely to be accidentally embedded.
2. Perimeter: The perimeter is no longer just the corporate network; it is every public and private code repository, every cloud service, and every developer’s laptop. Scanning must cover this entire, expanded perimeter.
3. Coverage: It is crucial to have 100% visibility. You cannot protect what you cannot see. This means enforcing strict Version Control System (VCS) policies to ensure all code, and its entire history, is accounted for and scanned. There can be no shadow IT or rogue repositories.
This three-dimensional view is a far more realistic and robust model for modern AI vulnerability management. It pairs technological solutions with strict internal policies, particularly around employee access and code contribution. It moves security from a passive, reactive function to an active, always-on hunt for vulnerabilities.
The Time for Excuses is Over
The findings from the Wiz research are a wake-up call, but they should also be a turning point. The AI industry is at a crossroads. It can continue down this path of reckless innovation, prioritising speed over safety, and wait for the inevitable, headline-grabbing mega-breach that brings the whole house of cards down. Or, it can grow up.
Bolstering AI vulnerability management is not a choice; it is an existential necessity. Organisations must invest in the tools, processes, and—most importantly—the culture required to build securely from the ground up. This means fixing the glaring problem of disclosure failures, getting serious about security maturity, and understanding the spiderweb of third-party risk that underpins this entire industry.
The AI revolution holds incredible promise, but that promise will be shattered if its foundations are rotten. The technology is new, but the principles of good security are not. The time for excuses is over. The question now for every company in this space is simple: are you going to be part of the problem, or part of the solution? What steps will you take tomorrow to ensure you are not the next cautionary tale?
