The Hidden Complexity In AI Infrastructure: Why Credentials Are The Real Attack Surface
InnovationThe Hidden Complexity In AI Infrastructure: Why Credentials Are The Real Attack SurfaceBySanthosh Jayaprakash,Forbes Councils Member.for Forbes Technology CouncilCOUNCIL POSTExpertise from Forbes Councils members, operated under license. Opinions expressed are those of the author. | Membership (fee-based)Jun 12, 2026, 08:30am EDTSanthosh Jayaprakash, Founder and CEO, Unosecur | Building Unified Identity Fabric to provide AI-era identity security. gettyIn security, the most consequential failures rarely announce themselves.At Unosecur, we have spent the last several years conducting identity risk assessments across organizations of different sizes, industries and security maturity levels. One pattern has become impossible to ignore: Teams that have invested significantly in perimeter defenses, endpoint protection and vulnerability management are still getting caught off guard—not because their tools failed, but because the attack landed in an area nobody was watching. Currently, that place is AI credential infrastructure.Two recent incidents made that visible in a way that no framework document could. On March 24, 2026, an attacker did not exploit a code vulnerability in LiteLLM. They compromised the publishing credentials of a PyPI package maintainer. Two malicious versions went live. The package had 3.4 million downloads that day. Every environment running those versions had OpenAI keys, Anthropic credentials, AWS secrets and Kubernetes tokens exfiltrated to attacker-controlled servers. Nothing crashed. Nothing flagged. It just collected everything and sent it out.One week later, Anthropic's Claude Code npm package leaked 512,000 lines of source code via a debug file. Researchers found that malicious repositories could steal Anthropic API keys by cloning them. Developers' machines were compromised before they ran a single line of code.Neither attack exploited a product weakness. Both exploited credentials. Firewalls did not stop them and scanne...المصدر: Forbes | Source: Forbes
ملاحظة تحريرية | Editorial Note: نُشر هذا المقال في الأصل بواسطة Forbes. خبر (Khabr) هي منصة إعلامية أردنية مرخّصة تعمل بالذكاء الاصطناعي. نضيف قيمة تحريرية من خلال: تحليل ذكي للأخبار، ملخصات تلقائية، رواية صوتية بالذكاء الاصطناعي، ترجمة متعددة اللغات، وتدقيق الحقائق. هدفنا جعل الأخبار أكثر وضوحاً وسهولةً للقارئ العربي.
This article was originally published by Forbes. Khabr is a licensed Jordanian AI-powered news platform (Registration #82086). We add editorial value through: AI-powered news analysis, automated summaries, AI audio narration, multi-language translation (Arabic, English, French, Turkish), and AI fact-checking. Our mission is to make news more accessible and understandable for Arabic-speaking audiences worldwide.
