Exposure Report: 65% of Leading AI Companies Found with Verified Secret Leaks
ID: f23d1293-278f-5e2c-858e-d977cd2eceea
STIX ID: report--f23d1293-278f-5e2c-858e-d977cd2eceea
Feed Name: Wiz Blog
This research analyzes the public and deep GitHub footprints of Forbes AI 50 companies and reports that about 65% had verified secret leaks—API keys, tokens, and credentials found in commit histories, deleted forks, gists, and developer repos. The study describes a 'Depth, Perimeter, and Coverage' methodology to uncover buried exposures, provides example cases (LangChain, ElevenLabs, HuggingFace), highlights disclosure challenges, and recommends mandatory public VCS secret scanning, disclosure preparedness, and expanding secret-type detection.
