Learn how 12,000 valid API keys and passwords were discovered in the Common Crawl dataset, exposing AI training data to serious security and compliance risks.

Continue reading
A massive trove of nearly 12,000 valid API keys and passwords has been uncovered in the Common Crawl repository—an enormous open-source archive used extensively to train large language models (LLMs). This alarming discovery underscores a systemic risk that could be feeding vulnerabilities directly into AI projects at major tech companies.
Common Crawl has, for over a decade, offered petabytes of freely accessible web data. Because it’s so vast, many AI developers—potentially including those behind models at OpenAI, DeepSeek, Google, Meta, Anthropic, and Stability—rely on these archives to build and refine powerful language models.
Researchers at Truffle Security analyzed 2.67 billion web pages (about 400 terabytes of data) from the December 2024 Common Crawl archive. Their tool, TruffleHog, flagged a staggering 11,908 secrets that proved fully functional—including AWS root keys, MailChimp API keys, Slack webhooks, and more.
Key Findings
Although LLM training typically involves data-cleaning and filtering to remove sensitive or redundant information, no process is perfect. The sheer volume of data means leaked credentials can slip through, effectively teaching AI systems to regurgitate or even reference them. This threatens the security of the compromised services and raises major concerns about the ethical and legal implications of using publicly scraped data for training.
By embedding keys into front-end files, developers inadvertently grant anyone scanning the web ready access to powerful backend systems. Attackers could exploit these credentials to:
Truffle Security collaborated with impacted vendors to rotate or revoke thousands of compromised keys. Still, this incident highlights the urgent need for stronger developer practices, especially as AI continues to devour terabytes of public data. Critical steps include:

A security researcher demonstrated how three patched OpenClaw vulnerabilities can be chained from a WhatsApp message to achieve credential theft, sandbox escape, and host-level code execution, exposing architectural risks in AI agents.