Risk
Exposed or Hardcoded Credentials in Build Artifacts
Description
Credentials for accessing data sources, APIs, or deployment environments are left embedded in code, configuration files, or artifacts created during the build process.
Example
A script for model training is found to contain hardcoded AWS access keys.
Assets Affected
Coding agent (config)
Notebook
Model metadata
Pipeline Job
AI access credentials
Mitigation
- Scan code and build artifacts for credentials
- Use secrets management tools
- Enforce policies prohibiting hardcoded credentials
- Regularly audit and rotate credentials
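The first mitigation, applied to the training-script example above, can be sketched as follows. This is an added example, not part of the original entry: the function names are hypothetical, the regexes are a common heuristic for AWS keys rather than an exhaustive rule set, and the sample inputs are constructed from the placeholder credentials used in AWS documentation.

```python
import json
import re

# Heuristics: AWS access key IDs (AKIA = long-term, ASIA = temporary) and
# a 40-character value assigned to a name containing "secret_access_key".
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "aws_secret_access_key": re.compile(
        r"(?i)secret_access_key[\"']?\s*[=:]\s*[\"']?([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])"),
}

def redact(value):
    """Keep only the first four characters so reports never re-leak the secret."""
    return value[:4] + "*" * (len(value) - 4)

def scan_text(text, source):
    """Return (source, line_no, rule, redacted_value) for each match."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in PATTERNS.items():
            for m in pattern.finditer(line):
                value = m.group(m.lastindex or 0)
                findings.append((source, line_no, rule, redact(value)))
    return findings

def scan_notebook(raw_json, source):
    """Scan each cell's source and stream text outputs in an .ipynb document."""
    findings = []
    for idx, cell in enumerate(json.loads(raw_json).get("cells", [])):
        parts = [("source", cell.get("source", ""))]
        for out in cell.get("outputs", []):
            parts.append(("output", out.get("text", "")))
        for kind, content in parts:
            text = "".join(content) if isinstance(content, list) else content
            findings += scan_text(text, f"{source}#cell{idx}:{kind}")
    return findings

# Constructed samples (AWS documentation placeholder credentials, not real keys).
TRAIN_PY = ('import boto3\n'
            's3 = boto3.client("s3", aws_access_key_id="AKIAIOSFODNN7EXAMPLE",\n'
            '    aws_secret_access_key="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY")\n')
NOTEBOOK = json.dumps({"cells": [
    {"cell_type": "code", "source": ["import os\n", "print(os.environ['AWS_ACCESS_KEY_ID'])\n"],
     "outputs": [{"output_type": "stream", "text": ["AKIAIOSFODNN7EXAMPLE\n"]}]},
]})

if __name__ == "__main__":
    for finding in scan_text(TRAIN_PY, "train.py") + scan_notebook(NOTEBOOK, "train.ipynb"):
        print(*finding)
```

The notebook case shows why cell outputs need scanning as well as source: the cell reads the key from the environment, but the printed value is saved in the artifact.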
Standards Mapping
- ISO 42001: A.6.2.4, A.6.2.5
- NIST AI RMF: MEASURE 2.7, MAP 4.2