
API key exposure

An API key is a secret password that gives access to a paid AI service (such as OpenAI or Anthropic). Exposure happens when that key is accidentally stored in a publicly accessible place — a website database, a plugin configuration file, or a code repository — where an attacker can find and steal it.
A stolen AI API key lets an attacker run unlimited queries at the victim's expense, access proprietary data sent to the AI service, and potentially manipulate the AI outputs seen by end users. Multiple vulnerabilities in AI plugins disclosed this period exposed API keys to low-privilege attackers.
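A defender can check exported plugin settings, database dumps, or repository files for this kind of exposure before an attacker does. The scanner below is an added example, not code from the original page. Its key-prefix patterns, its entropy threshold, and the sample configuration are assumptions constructed for illustration.

```python
import math
import re
from collections import Counter

# Assumed heuristics, not vendor-published formats: keys for both services are
# commonly seen with an "sk-" prefix, Anthropic keys with "sk-ant-".
PATTERNS = {
    "anthropic": re.compile(r"\bsk-ant-[A-Za-z0-9_-]{20,}"),
    "openai": re.compile(r"\bsk-(?!ant-)[A-Za-z0-9_-]{20,}"),
}
MIN_ENTROPY = 3.0  # bits per character; placeholder values score lower


def shannon_entropy(s):
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def redact(key):
    # Keep only enough of the key to identify it in a report.
    return key[:7] + "..." + key[-4:]


def find_exposed_keys(text):
    """Return (line_no, provider, redacted_key) for each likely live key."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for provider, pattern in PATTERNS.items():
            for match in pattern.finditer(line):
                key = match.group(0)
                if shannon_entropy(key) >= MIN_ENTROPY:
                    findings.append((line_no, provider, redact(key)))
    return findings


# Constructed sample: a plugin settings export with made-up key values.
SAMPLE_CONFIG = """\
{"plugin": "example-ai-chat",
 "openai_api_key": "sk-proj-Zk3Qw9LmT7xVb2NcR8yHd4Jf6Ga1Pu5S",
 "anthropic_api_key": "sk-ant-api03-Hq7Lw2Xz9Kd4Vn8Bt3Mf6Rj1Yc5Pg0Sa",
 "fallback_key": "sk-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"}
"""

if __name__ == "__main__":
    for finding in find_exposed_keys(SAMPLE_CONFIG):
        print(finding)
```

The entropy filter skips the low-entropy placeholder on the last line of the sample, and findings are redacted so the report itself does not become another place the key is exposed.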