SAIL

/

Build - AI Security Posture Management

/

Exposed or Hardcoded Credentials in Build Artifacts

3.11

.

Exposed or Hardcoded Credentials in Build Artifacts

sail
3.11
Risk

Exposed or Hardcoded Credentials in Build Artifacts

Description

Credentials for accessing data sources, APIs, or deployment environments are left embedded in code, configuration files, or artifacts created during the build process.

Example

A script for model training is found to contain hardcoded AWS access keys.

Assets Affected

Coding agent (config)

Notebook

Model metadata

Pipeline Job

AI access credentials

Mitigation
  • Scan code and build artifacts for credentials
  • Use secrets management tools
  • Enforce policies prohibiting hardcoded credentials
  • Regularly audit and rotate credentials
Standards Mapping
  • ISO 42001: A.6.2.4, A.6.2.5
  • NIST AI RMF: MEASURE 2.7, MAP 4.2