What happened
SUSE's Rancher AI Agent component logs API keys and raw LLM response text at DEBUG verbosity without redaction, exposing credentials and potentially sensitive model output to anyone with log access.
Why it matters
AI agent credential leakage via logs is a recurring class of vulnerability (seen elsewhere this week in Langflow's credential-encryption flaw); in a Kubernetes-managed enterprise AI platform like Rancher, leaked API keys can be used to pivot into upstream LLM provider accounts or other connected services.
Attack vector
When DEBUG loglevel is enabled, Rancher AI Agent writes API keys and full LLM response text — potentially including sensitive data — into logfiles, which local attackers with log access can read to obtain credentials or leaked data.
Affected systems
SUSE Rancher AI Agent 1.0, versions before 1.0.2
Mitigation
Upgrade to Rancher AI Agent >= 1.0.2; avoid DEBUG loglevel in production, and restrict log file access. See GHSA-5r2r-h824-fr5v.