Explosion of AI-Specific Secrets Drives Unprecedented Cloud Risk
A dramatic 140% increase in AI-related credentials—such as OpenAI and Azure OpenAI API keys—over the past year has created a widening gap between enterprise security and the rapid adoption of artificial intelligence. The findings come from SentinelOne’s AI and Cloud Verified Exploit Paths and Secrets Scanning Report, which analyzed telemetry from more than 11,000 anonymized customer environments.
“We’re seeing a perfect storm where the explosion of AI secrets is outpacing traditional security guardrails,” said a senior threat researcher at SentinelOne. “Attackers now have a clear path to exploit these credentials for data exfiltration and manipulation.”
The Rise of Shadow AI
Nearly 88% of organizations now use AI in at least one business function, according to the report. This widespread adoption has fueled a phenomenon known as“shadow AI”—the unauthorized deployment of AI tools without formal IT approval or security oversight.
Developers and internal teams frequently use unmanaged or personal LLM keys to process corporate data outside sanctioned channels. These same API keys are then duplicated across code repositories, SaaS configurations, and development scripts, often with no proper access controls or rotation schedules.
“This credential sprawl makes standard secrets management protocols nearly impossible to enforce,” the researcher added. “Organizations are losing visibility into where and how their AI keys are being used.”
Two Distinct Risk Vectors
Unlike traditional cloud credentials that mainly enable resource manipulation, compromised AI keys introduce unique threat vectors. The report categorizes the risks into two primary areas:
- Data Exposure and Leakage – Unauthorized access via AI keys can expose sensitive or proprietary datasets, embedded business logic, and internal user prompts and outputs, allowing attackers to harvest corporate conversations at scale.
- Prompt Injection and Data Poisoning – Unmanaged AI keys allow threat actors to actively manipulate AI models, injecting malicious prompts or corrupting training data to alter outputs or extract confidential information.
Background
The enterprise risk landscape underwent a paradigm shift in 2025 as AI and large language model (LLM) adoption became the primary driver of cloud risk. Previously, cloud security focused on infrastructure misconfigurations and unauthorized access to storage or compute resources. Now, the convergence of AI secrets with cloud environments creates a highly complex and interconnected attack surface.
SentinelOne’s report draws on customer telemetry to map verified exploit paths, revealing how threat actors are actively exploiting these modern infrastructures. The 140% increase in AI-specific secrets directly correlates with the rapid embedding of AI into customer support systems, internal tooling, financial platforms, and product experiences.
What This Means
The findings underscore an urgent need for centralized governance over how AI keys are issued and utilized. Without robust oversight, organizations risk catastrophic data breaches and model manipulation. Experts recommend implementing rigorous access controls, mandatory credential rotation, and continuous monitoring for unauthorized AI tool usage.
“The clock is ticking for security teams to adapt,” the SentinelOne researcher warned. “If they don’t tighten control over AI credentials now, attackers will continue to exploit this growing vulnerability.”