How I Found API Keys Leaking in 4 Out of 6 Audits
Last month, I audited six AI agent deployments. Nothing fancy. Just regular companies building tools with OpenClaw, AutoGPT, and custom agents.
Four of them had exposed API keys.
Not “maybe vulnerable.” Not “theoretical risk.” I mean I found the actual keys. In plain text. Accessible to anyone who knew where to look.
6 audits. 4 leaks. 66% failure rate.
One key gave access to $12,000 of API credits. Another was connected to a production database. None of the founders knew until I showed them.
Where I Found Them
| Location | How Many | What It Looked Like |
|---|---|---|
| .env file in project root | 2 | Right there. Next to the README. Pushed to a private repo (but someone had fork access). |
| Hardcoded in a config file | 1 | API_KEY="sk-ant-xxxx" in a JSON config. Clear as day. |
| Git commit history | 1 | They “removed” it. But it was still in the commit history. Anyone could go back and grab it. |
The Three Stories That Stuck With Me
1. The .env file that wasn’t secret
A solo developer built an OpenClaw agent to automate his customer support. He stored the API key in a .env file in his project root. Standard practice, right? The problem? He also gave a freelance developer access to the same repository. That freelancer left the company six months ago. His access was never revoked. The key was still there. The freelancer could have grabbed it any time.
Time to find: 4 minutes.
Potential damage: Unlimited API calls charged to the original owner.
2. The config file in production
A small startup had six AI agents running. All of them used the same API key. It was hardcoded in a JSON config file on their production server. No rate limits. No spending caps. One prompt injection later: $2,000 in API calls at 3am. The attacker didn’t even try hard. They just asked the agent to “repeat this 10,000 times.” The agent obeyed. The bill arrived the next morning.
Time to find: 11 minutes.
Actual damage: $2,000 and a very angry founder.
3. The git commit that never died
A mid-sized company hired me after they suspected a breach. I didn’t find anything live. But I checked their git history. There it was. An old commit from two years ago: API_KEY="sk-ant-xxxx". They had “removed” it in the next commit. But git keeps everything. Anyone who ever cloned that repo had access to the key. And the key was still active.
Time to find: 20 seconds.
Potential damage: Two years of undetected exposure.
What All Four Had in Common
- Every single one thought they were “too small to be targeted”
- Every single one said “we’ll fix it later”
- Every single one had no monitoring or alerts on API usage
- Every single one fixed it within 24 hours after I showed them
The pattern is clear. It’s not that people are careless. It’s that they’re busy. And API keys feel abstract. Not like a server. Not like a database. Just a string of characters. But that string of characters is often the only thing standing between your data and the internet.
How to Fix It (Under an Hour)
- Rotate every key you’ve ever used. Assume the old ones are already compromised. It takes 10 minutes.
- Move all keys to environment variables. No hardcoding. No config files. No exceptions.
- Use one key per agent. If one gets compromised, the rest stay safe.
- Set spending caps. Even $10/day protects you from a 3am attack loop.
- Check your git history. `git log -S "sk-ant" --all` will find old keys in commits.
- Revoke access for anyone who doesn’t need it anymore. Freelancers. Former employees. Contractors.
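The git history check above, and the "removed" key from the third story, as an added example that is not the author's own tooling: a small Python parser over `git log -p --all` output that lists every commit where an `sk-ant-` style key was added or removed. The sample log, the fake key, the minimum key length and the function names are constructed assumptions.

```python
import re

# Assumption: "sk-ant-" is the prefix shown in the article; requiring 8+
# trailing characters is a choice made here to skip short placeholders.
KEY_RE = re.compile(r"sk-ant-[A-Za-z0-9_-]{8,}")

# Constructed, abbreviated `git log -p --all` output (newest first); fake key.
SAMPLE_LOG = """\
commit 2222222222222222222222222222222222222222
    Remove API key from config
--- a/config.json
+++ b/config.json
@@ -1 +1 @@
-API_KEY="sk-ant-CONSTRUCTED0000EXAMPLE"
+API_KEY=""
commit 1111111111111111111111111111111111111111
    Initial agent config
--- /dev/null
+++ b/config.json
@@ -0,0 +1 @@
+API_KEY="sk-ant-CONSTRUCTED0000EXAMPLE"
"""

def redact(key):  # identify the key without reprinting the whole secret
    return f"{key[:10]}...({len(key)} chars)"

def scan_git_log(log_text):
    """Map each redacted key to the (commit, file) pairs that added/removed it."""
    keys, commit, path = {}, None, None
    for line in log_text.splitlines():
        if line.startswith("commit "):
            commit = line.split()[1][:8]
        elif line.startswith(("+++ ", "--- ")):
            if line[4:] != "/dev/null":
                path = line[6:]  # drop the "a/" or "b/" prefix
        elif line.startswith(("+", "-")) and commit:
            kind = "added" if line[0] == "+" else "removed"
            for m in KEY_RE.finditer(line):
                seen = keys.setdefault(redact(m.group()), {"added": [], "removed": []})
                seen[kind].append((commit, path))
    return keys

def report(keys):
    """A later removal does not take the key out of history: always rotate."""
    return [f"{k}: added in {[c for c, _ in v['added']]}, "
            f"removed in {[c for c, _ in v['removed']]}; rotate"
            for k, v in sorted(keys.items())]

if __name__ == "__main__":
    print("\n".join(report(scan_git_log(SAMPLE_LOG))))
```

A key that shows up under "removed in" is still recoverable from any clone, so the only real fix for it is rotation.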
The Honest Truth
I’m not special. I didn’t use advanced tools. I didn’t hack anything. I just looked where people always hide things. And I found keys in 66% of the audits I ran.
The attackers are doing the same thing. Right now. While you read this.
The good news? The fix is simple. It’s not expensive. It’s not complicated. You just have to do it.
Don’t be the 4 out of 6. Be the 2.
Want me to check your setup?
I audit AI agent deployments. No automated scanners. Just me looking where attackers look.
Direct message me: say “key audit” and I’ll send you my 10-point checklist.
DM @StackOfTruths on X
No bots. No sales scripts. Just a pentester who’s seen it all.











