TL;DR: AI-related secrets rose about 140% in one year across 11,000 anonymised customer environments, according to SentinelOne, while 88% of organisations now use AI in at least one business function, expanding the cloud attack surface and making exposed keys more likely to drive data leakage and prompt manipulation. The practical issue is no longer secret discovery alone but governed issuance, rotation, and usage control.
NHIMG editorial — based on content published by SentinelOne: AI and Cloud Verified Exploit Paths and Secrets Scanning Report
By the numbers:
- AI-related secrets such as OpenAI API keys and Azure OpenAI API keys increased by approximately 140% in a span of one year.
- Almost 88% of organizations now leverage AI in at least one business function.
Questions worth separating out
Q: How should security teams govern AI API keys as non-human identities?
A: Treat AI API keys as governed non-human identities with named ownership, scoped permissions, time-bound access, and revocation authority.
Q: Why do exposed AI secrets create more risk than ordinary cloud credentials?
A: AI secrets often sit between data sources, model access, and downstream business systems, so a single key can expose prompts, outputs, and linked datasets while also enabling access to adjacent services.
Q: What do teams get wrong about shadow AI and credential sprawl?
A: They treat shadow AI as a usage problem instead of a credential governance problem.
Practitioner guidance
- Classify AI keys as governed NHI assets Assign explicit owners, business purpose, and expiration rules to every AI credential, including keys used in support, finance, analytics, and product workflows.
- Eliminate personal and duplicated AI credentials Replace unmanaged or personal LLM keys with centrally issued credentials and block reuse across repositories, scripts, and SaaS configurations.
- Tie secret scanning to revocation and rotation Use discovery to trigger revocation or rotation when AI keys appear in code, pipeline variables, or exposed configuration files, rather than treating detection as the endpoint.
What's in the full report
SentinelOne's full report covers the operational detail this post intentionally leaves for the source:
- Telemetry-backed breakdown of how AI-specific secrets are distributed across customer environments
- Exploit path examples showing how exposed keys connect to cloud services, AI systems, and CI/CD pipelines
- Control recommendations for continuous surface monitoring, DevSecOps automation, and AI credential governance
- Examples of the specific legacy CVEs and misconfigurations that attackers use as entry points
👉 Read SentinelOne’s report on AI and cloud secrets exposure →
AI and cloud secrets exposure: what security teams need to act on?
Explore further
AI keys are now governed as non-human identities, not as ordinary application settings. The report shows these credentials are copied, reused, and embedded across business workflows, which means their risk profile is closer to a service account than to a feature toggle. That shifts the governance question from where the key sits to who owns it, how it is scoped, and whether lifecycle controls exist at all. Practitioners should treat AI credentials as first-class NHI assets.
A few things that frame the scale:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, inappropriately sharing sensitive data, and revealing access credentials, according to AI Agents: The New Attack Surface report.
- The same report says only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
A question worth separating out:
Q: Who is accountable when an AI key is copied into multiple systems and later abused?
A: Accountability sits with the team that issued, approved, or tolerated the unmanaged credential path, not with the attacker who exploited it. Governance teams need clear ownership for AI credentials, documented approval chains, and revocation responsibility so that copied keys do not become nobody’s problem.
👉 Read our full editorial: AI and cloud secrets exposure is expanding the enterprise attack surface