SAIL 2.0

/

Build - AI Security Posture Management

/

Exposed or Hardcoded Credentials in Build Artifacts

3.9

.

Exposed or Hardcoded Credentials in Build Artifacts

sail
3.9
Risk

Exposed or Hardcoded Credentials in Build Artifacts

Description

Credentials for accessing data sources, APIs, or deployment environments are left embedded in code, configuration files, or artifacts created during the build process.

Example

A script for model training is found to contain hardcoded AWS access keys.

Assets Affected

Agent Config

Notebook

Model Metadata

Pipeline Job

Mitigation
  • Scan code and build artifacts for credentials
  • use secrets management tools
  • enforce policies prohibiting hardcoded credentials
  • regularly audit and rotate credentials.
Standards Mapping
  • ISO: A.6.2.4, A.4.5
  • OWASP agentic: ASI03
  • EU AI Act: Art. 15(5)
  • DASF: Agents-MCP Server 13.19, Agents-MCP Client 13.27
  • AIUC-1: B007, B008