Risk
Exposed or Hardcoded Credentials in Build Artifacts
Description
Credentials for accessing data sources, APIs, or deployment environments are left embedded in code, configuration files, or artifacts created during the build process.
Example
A script for model training is found to contain hardcoded AWS access keys.
Assets Affected
Agent Config
Notebook
Model Metadata
Pipeline Job
Mitigation
- Scan code and build artifacts for credentials
- use secrets management tools
- enforce policies prohibiting hardcoded credentials
- regularly audit and rotate credentials.
Standards Mapping
- ISO: A.6.2.4, A.4.5
- OWASP agentic: ASI03
- EU AI Act: Art. 15(5)
- DASF: Agents-MCP Server 13.19, Agents-MCP Client 13.27
- AIUC-1: B007, B008