32 comments

[ 3.7 ms ] story [ 48.8 ms ] thread
(comment deleted)
I think one thing that people are sleeping on is passing a ton of secrets to OpenAI and Anthropic or your OpenRouter by having a .env or secrets on disk in your repo, but not checked in

Your LLM will happily read the entire file, ship it off to be training data for future versions of ChatGPT, and not raise any flags, because let's be fair it was on ok thing to check if all the env vars were set, or it you had set up the database password for the app.

It's time for orgs to audit and rotate secrets wherever they are stored in disk or in logs, and switch to SOPS or Vault or whatever to keep these out if plaintext except exactly when needed.

In fairness, any secrets in your .env file in your development tree shouldn't have very important secrets. They should be limited access dev secrets and any secrets that go to "production" systems like an OpenAI dev environment should be limited, where possible.

Besides leaking, it's easy to oopsie and DoS a system or send malformed requests in the course of testing and development. You don't want a surprise $1k bill cause someone was working on some test automation and accidentally sent thousands of real results in the process.

Plug for my buddy's project: http://agentsh.org/

Block agents from misbehaving at the OS level instead of asking them to behave.

They also uploaded sensitive docs in chatgpt [1]

[1] https://www.politico.com/news/2026/01/27/cisa-madhu-gottumuk...

I feel like this piece is framed incorrectly.

Imagine joining an organization with 3k employees in 2025 and not having access to an LLM.

It’s well known that the federal govt over-classifies many documents. This former CISA head alleged dumped “for official use” documents. Obviously, he should have pushed for the chatgpt enterprise account (or equivalent) but we dont know what bureaucratic obstacles he was up against.

Yet another argument for the death of the API key. Replacements abound; let's get on with it.
>Valadon said he reached out because the owner in this case wasn’t responding and the information exposed was highly sensitive.

obviously leaking the credentials itself is crazy, given that its (a contractor to) CISA, but to not respond when notified? crazy crazy.

but wait! it gets worse somehow

"“AWS-Workspace-Firefox-Passwords.csv” — listed plaintext usernames and passwords for dozens of internal CISA systems"

while i understand and sympathize with the fact that CISA is kind of being gutted, a passwords.csv with weak passwords is inexcusable incompetence. not much budget is required for a password manager.

embarrassing all around.

> but this administration clearly had no idea what they were getting themselves into and did not plan accordingly.
Looks like someone needs to go take 27 training modules. That'll fix it.
What makes this truly sad is that the federal government has had smartcard-based authentication (CAC) for decades. Yet because the public internet stack runs on passwords, so too does government infrastructure.
I would be fired for this. Probably not able to ask for a refenerce and forever be the butt of a joke between friends and colleagues.

Seems like no big deal for CISA. Defunded really paying off now.

Do they not believe in encrypted files?
Uh, so it says this dates from Nov 2025.

Nov 2025 was also when most of us learned about the acting Chief Security Officer at DHS, whose name AND photo seem exactly like the calling card of someone who had these "keys to the kingdom". https://bsky.app/profile/andylevy.net/post/3m6ivhnthts2o

I want to believe...

This seems like an act of sabotage disguised as incompetence.
(comment deleted)
I'm surprised that this has apparently been ongoing for 6-7 months. I thought outfits like GitGuardian, or solo researchers with trufflehog (etc) would find leaked keys in days, not months. Maybe this is related to the major growth of github? The scanners can't keep up?
(comment deleted)
Sounds about right. Security is a joke everywhere right now. First to market is all that matters anymore and security is the very first thing to be thrown out when it stands in the way.
(comment deleted)
In 2026, storing government credentials in a repo and not having scanners to flag it should be investigated. I am highly suspicious of anyone doing this in a professional capacity. If I worked at a foreign intelligence agency and saw this, I would first think it's a honeypot, and an unimaginative one because it's so lacking in subtlety.
The repo name was literally "Private-CISA". Would be fun to (a) search through repo names with private/internal/etc in them and (b) search for govt agency / non-tech company that otherwise wouldn't be expected to appear in repo names. Could probably clone them all and then have an LLM quickly scan for interesting stuff.

Also, doesn't Github have its own automated scanner for something as basic as a AWS credential?

Ironically they could have used those AWS keys to use one of the many AWS services that's more secure.

For example S3 (ideally with KMS), Parameter Store (ideally with KMS), EBS, EFS, AWS Secrets Manager, even just KMS to directly encrypt the files

Really any AWS service that supports KMS and doesn't require giving the service principal access to the key