Security researchers scanning more than 11,000 enterprise environments have found that AI-specific credentials — primarily API keys for services such as OpenAI — are now the fastest-growing category of exposed secrets, up 140% over the previous year.
The finding comes from SentinelOne's AI and Cloud Verified Exploit Paths and Secrets Scanning Report, published today, which mapped credential exposure and attack-path patterns across a customer base of more than 11,000 organisations.
The breadth of what is being exposed is widening as quickly as the volume. Researchers found roughly twice as many distinct types of critical secrets exposed in the period as in 2024, spanning cloud providers, payment processors, AI platforms, and SaaS services. The growth reflects how rapidly organisations are adopting AI tooling outside formal IT procurement processes (what the researchers call shadow AI) without the credential hygiene controls applied to traditional cloud infrastructure.
Attack paths, the report notes, do not require sophisticated chaining. The most commonly observed entry points are recurring and avoidable: leaked cloud credentials, widely abused known vulnerabilities (CVEs), and misconfigured remote access or administrative endpoints. The pattern suggests the exposure problem is less about novel attacker techniques and more about unmanaged access sprawl as AI adoption accelerates.
SentinelOne is making the full report available on its website. Chris Hosking, its AI and cloud security specialist, is also scheduled to appear at Infosecurity Europe.