Over 10,000 Docker images on Docker Hub are leaking sensitive credentials, including API keys and cloud access tokens, according to security firm Flare. Many of these leaks originate from unmonitored developer accounts, putting critical infrastructure at risk. Even when developers remove secrets, the underlying credentials often remain active, leaving systems vulnerable.

This article discusses the importance of sandboxing and using proxies to protect sensitive data when working with Claude Code. It highlights potential risks, such as API key exposure, and offers practical solutions for managing access and ensuring confidentiality.

Moltbook, a social network for AI agents, suffered a major security breach due to a misconfigured Supabase database, exposing 1.5 million API keys and personal data of 17,000 human users. The incident highlights risks in quickly developed applications without adequate security measures.

Research reveals over 4,500 Clawdbot/Moltbot instances are publicly exposed, allowing attackers to extract sensitive data like API keys and WhatsApp session credentials. The vulnerabilities stem from insecure design, misconfigured dashboards, and excessive permissions. Immediate action is recommended for users to mitigate risks.

AWS provides guidance on securely implementing and managing Amazon Bedrock API keys, recommending the use of temporary security credentials via AWS STS whenever possible. It outlines best practices for using short-term and long-term API keys, including monitoring, protection strategies, and the importance of adhering to security policies through service control policies (SCPs).

AWS has introduced Amazon Bedrock API keys, which include long-term and short-term options for AI development. While these keys offer benefits such as being scoped to Bedrock services and monitored through CloudTrail, they also raise security concerns, particularly regarding IAM user creation and the potential for persistent access key misuse.