A dataset used to train large language models was found to contain nearly 12,000 live secrets, including API keys and passwords, that allow successful authentication, potentially exposing organizations to security vulnerabilities.
Truffle Security analyzed a December 2024 archive from Common Crawl, an open repository of web crawl data containing over 250 billion pages spanning 18 years. The 400TB dataset included 90,000 WARC files and data from 47.5 million hosts across 38.3 million registered domains. The analysis discovered nearly 12,000 live secrets across 219 different secret types, including Amazon Web Services root keys, Slack webhooks, and Mailchimp API keys. These credentials successfully authenticate with their respective services, meaning they could be exploited by malicious actors.
The report notes that LLMs trained on this data cannot distinguish between valid and invalid secrets, potentially reinforcing insecure coding practices when the models suggest code examples to users. The incident highlights broader security vulnerabilities in AI training datasets, with additional research showing that even fine-tuning models on insecure code examples can lead to emergent misalignment behaviors beyond just coding tasks. The discovery follows related findings about Microsoft Copilot exposing private repository data and various AI systems being vulnerable to jailbreaking attacks that bypass safety controls.
Domain classification, causal taxonomy, severity scores, and national security assessments were LLM-classified and may contain errors.
AI systems that memorize and leak sensitive personal data or infer private information about individuals without their consent. Unexpected or unauthorized sharing of data and information can compromise user expectation of privacy, assist identity theft, or cause loss of confidential intellectual property.
Human: Due to a decision or action made by humans
Unintentional: Due to an unexpected outcome from pursuing a goal
Pre-deployment: Occurring before the AI is deployed
No population impact data reported.