<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width,initial-scale=1" />
<title>🔑 Sensitive Data Exposure in AI-Generated Code</title>
<style>
:root{
--bg:#f9fafc;
--card:#ffffff;
--accent:#2563eb;
--error:#ef4444;
--safe:#10b981;
--text:#333;
}
body{
margin:0;
font-family: "Poppins", system-ui, -apple-system, "Segoe UI", Roboto, "Helvetica Neue", Arial;
background: var(--bg);
color: var(--text);
line-height:1.5;
}
.file-guide{
max-width:1400px;
margin:0 auto;
padding:20px;
}
.file-guide .title{
font-size:2rem;
font-weight:800;
color:var(--accent);
margin-bottom:10px;
}
.file-guide .intro{
background:var(--card);
border-radius:12px;
padding:16px;
margin-bottom:20px;
box-shadow:0 4px 12px rgba(0,0,0,0.08);
font-size:1rem;
}
.file-guide .vulnerability{
background: var(--card);
border-radius:12px;
padding:14px;
margin-bottom:16px;
box-shadow: 0 4px 12px rgba(0,0,0,0.07);
transition: transform .18s ease, box-shadow .18s ease;
}
.file-guide .vulnerability:hover{
transform: translateY(-4px);
box-shadow: 0 10px 24px rgba(0,0,0,0.10);
}
.file-guide .subtitle{
margin:0 0 8px 0;
color:var(--accent);
font-size:1.4rem;
font-weight:800;
}
.file-guide .description{
margin:0 0 6px 0;
font-size:1rem;
}
.file-guide .detection{
margin:6px 0 8px 0;
font-size:1.05rem;
color:#222;
font-style:italic;
}
.file-guide .example{
display:flex;
gap:14px;
flex-wrap:wrap;
margin-top:10px;
}
.file-guide .code, .file-guide .solution{
flex:1;
min-width:320px;
padding:10px;
border-radius:8px;
font-size:0.95rem;
}
.file-guide .code{
background:#fff5f5;
border:1px solid var(--error);
}
.file-guide .solution{
background:#f0fff8;
border:1px solid var(--safe);
}
.file-guide .example-title{
margin:0 0 8px 0;
font-size:1.05rem;
font-weight:700;
}
.file-guide pre{
margin:0;
font-family:"Courier New", monospace;
font-size:0.9rem;
overflow-x:auto;
white-space:pre-wrap;
word-break:break-word;
}
.file-guide .services{
margin-top:6px;
font-size:0.92rem;
}
.file-guide .services span{
display:inline-block;
background:#eef2ff;
color:var(--accent);
padding:4px 8px;
border-radius:6px;
margin:4px 6px 0 0;
font-weight:600;
font-size:0.85rem;
}
.file-guide .links{
margin-top:8px;
font-size:1.05rem;
font-weight:600;
}
.file-guide .links a{
color:var(--accent);
text-decoration:none;
}
.file-guide .links a:hover{ text-decoration:underline; }
.file-guide .final-section{
background:var(--card);
border-radius:12px;
padding:18px;
margin-top:30px;
box-shadow:0 4px 12px rgba(0,0,0,0.1);
}
.file-guide .final-section h2{
color:var(--accent);
font-size:1.5rem;
margin-bottom:10px;
}
@media (max-width:760px){
.file-guide .example{ flex-direction:column; }
.file-guide .code, .file-guide .solution{ min-width:100%; }
}
</style>
</head>
<body>
<section class="file-guide">
<h1 class="title">🔑 Sensitive Data Exposure in AI-Generated Code</h1>
<div class="intro">
<p>
Sensitive Data Exposure is a critical vulnerability that occurs when secrets, credentials, or proprietary information are improperly handled in AI-generated code. AI tools, while speeding up development, often replicate insecure patterns from training data or provide naive code that exposes sensitive information.
</p>
<p>
Below we outline major vulnerabilities, provide insecure vs. secure AI-generated code examples, and show detection methods.
</p>
</div>
<!-- Hard-Coded Secrets -->
<div class="vulnerability">
<h2 class="subtitle">1. Hard-Coded Secrets / Credentials (CWE-798)</h2>
<p class="description">
AI-generated code may hard-code API keys, passwords, or tokens directly in the source code. This exposes sensitive data and increases the risk of compromise if the code is shared, stored in repositories, or leaked.
</p>
<div class="example">
<div class="code">
<h3 class="example-title">AI Insecure Example:</h3>
<pre>
const API_KEY = "12345-abcdef-67890";
fetch("https://api.example.com/data?key=" + API_KEY);
</pre>
</div>
<div class="solution">
<h3 class="example-title">Safe Solution:</h3>
<pre>
const API_KEY = process.env.API_KEY;
fetch(`https://api.example.com/data?key=${API_KEY}`);
</pre>
</div>
</div>
<p class="detection"><strong>Detection:</strong> Secret scanning, SAST, manual code review.</p>
<div class="links">
Reference: <a href="https://cwe.mitre.org/data/definitions/798.html" target="_blank">CWE-798</a>
</div>
<div class="services">
<strong>🔧 Services we offer:</strong>
<span>SonarQube Setup Assistance</span>
<span>Source Code Review</span>
</div>
</div>
<!-- Insecure Storage / Transmission -->
<div class="vulnerability">
<h2 class="subtitle">2. Insecure Storage or Transmission of Sensitive Data (CWE-200)</h2>
<p class="description">
AI-generated code may save sensitive information in plaintext or transmit it over unencrypted channels. This can lead to exposure of passwords, personal data, or proprietary information.
</p>
<div class="example">
<div class="code">
<h3 class="example-title">AI Insecure Example (Python):</h3>
<pre>
with open("passwords.txt", "w") as f:
f.write(user_password)
requests.post("http://example.com/login", data={"password": user_password})
</pre>
</div>
<div class="solution">
<h3 class="example-title">Safe Solution:</h3>
<pre>
import bcrypt, requests
hashed = bcrypt.hashpw(user_password.encode(), bcrypt.gensalt())
with open("passwords.txt", "wb") as f:
f.write(hashed)
requests.post("https://example.com/login", data={"password": hashed})
</pre>
</div>
</div>
<p class="detection"><strong>Detection:</strong> Encryption review, network traffic monitoring, SAST.</p>
<div class="links">
Reference: <a href="https://cwe.mitre.org/data/definitions/200.html" target="_blank">CWE-200</a>
</div>
<div class="services">
<strong>🔧 Services we offer:</strong>
<span>SonarQube Setup Assistance</span>
<span>Source Code Review</span>
</div>
</div>
<!-- LLM Data Leakage -->
<div class="vulnerability">
<h2 class="subtitle">3. LLM Data Leakage (OWASP LLM06)</h2>
<p class="description">
AI tools may inadvertently include sensitive project data in generated code or prompts. LLMs trained on internal repositories could generate code containing confidential snippets or credentials from training data.
</p>
<div class="example">
<div class="code">
<h3 class="example-title">AI Insecure Example:</h3>
<pre>
# Generated function includes a real password from training data
def get_secret():
return "SuperSecret123!"
</pre>
</div>
<div class="solution">
<h3 class="example-title">Safe Solution:</h3>
<pre>
# Do not embed sensitive data
def get_secret():
return os.environ.get("SECRET_KEY")
</pre>
</div>
</div>
<p class="detection"><strong>Detection:</strong> Manual review, code scanning, secret detection tools.</p>
<div class="links">
Reference: <a href="https://owasp.org/Top10AI/#LLM06" target="_blank">OWASP LLM06</a>
</div>
<div class="services">
<strong>🔧 Services we offer:</strong>
<span>SonarQube Setup Assistance</span>
<span>Source Code Review</span>
</div>
</div>
<!-- Logging Sensitive Information -->
<div class="vulnerability">
<h2 class="subtitle">4. Logging Sensitive Information</h2>
<p class="description">
AI may generate debug statements that log passwords, API keys, or tokens, increasing exposure risk.
</p>
<div class="example">
<div class="code">
<h3 class="example-title">AI Insecure Example (Python):</h3>
<pre>
print("User password:", user_password)
</pre>
</div>
<div class="solution">
<h3 class="example-title">Safe Solution:</h3>
<pre>
print("User logged in:", username)
# Avoid logging sensitive data
</pre>
</div>
</div>
<p class="detection"><strong>Detection:</strong> Secret scanning, log audits, SAST.</p>
<div class="links">
Reference: <a href="https://cwe.mitre.org/data/definitions/532.html" target="_blank">CWE-532</a>
</div>
<div class="services">
<strong>🔧 Services we offer:</strong>
<span>SonarQube Setup Assistance</span>
<span>Source Code Review</span>
</div>
</div>
<!-- Credentials in Source Repositories -->
<div class="vulnerability">
<h2 class="subtitle">5. Credentials in Source Repositories</h2>
<p class="description">
AI-generated code may reference files containing credentials or secrets that are stored in repositories, risking exposure if the repository is public or improperly secured.
</p>
<div class="example">
<div class="code">
<h3 class="example-title">AI Insecure Example (Node.js):</h3>
<pre>
const secrets = require('./secrets.json'); // contains API keys
</pre>
</div>
<div class="solution">
<h3 class="example-title">Safe Solution:</h3>
<pre>
const secrets = process.env; // load from environment variables
</pre>
</div>
</div>
<p class="detection"><strong>Detection:</strong> Repository scanning, SAST, manual review.</p>
<div class="links">
Reference: <a href="https://cwe.mitre.org/data/definitions/798.html" target="_blank">CWE-798</a>
</div>
<div class="services">
<strong>🔧 Services we offer:</strong>
<span>SonarQube Setup Assistance</span>
<span>Source Code Review</span>
<span>Software Composition Analysis</span>
</div>
</div>
<!-- Hard-Coded Database Passwords -->
<div class="vulnerability">
<h2 class="subtitle">6. Hard-Coded Database Passwords</h2>
<p class="description">
AI may generate code with database connection strings including plaintext passwords, which exposes critical infrastructure credentials.
</p>
<div class="example">
<div class="code">
<h3 class="example-title">AI Insecure Example (Java):</h3>
<pre>
Connection conn = DriverManager.getConnection(
"jdbc:mysql://localhost:3306/db", "root", "password123");
</pre>
</div>
<div class="solution">
<h3 class="example-title">Safe Solution:</h3>
<pre>
Connection conn = DriverManager.getConnection(
System.getenv("DB_URL"), System.getenv("DB_USER"), System.getenv("DB_PASS"));
</pre>
</div>
</div>
<p class="detection"><strong>Detection:</strong> Secret scanning, static analysis.</p>
<div class="links">
Reference: <a href="https://cwe.mitre.org/data/definitions/798.html" target="_blank">CWE-798</a>
</div>
<div class="services">
<strong>🔧 Services we offer:</strong>
<span>SonarQube Setup Assistance</span>
<span>Source Code Review</span>
</div>
</div>
<!-- Insecure Data Transmission -->
<div class="vulnerability">
<h2 class="subtitle">7. Insecure Data Transmission (CWE-319)</h2>
<p class="description">
AI-generated code may send sensitive data over HTTP or unencrypted channels, exposing credentials and personal information.
</p>
<div class="example">
<div class="code">
<h3 class="example-title">AI Insecure Example (Python):</h3>
<pre>
requests.post("http://example.com/login", data={"user": username, "pass": password})
</pre>
</div>
<div class="solution">
<h3 class="example-title">Safe Solution (Python):</h3>
<pre>
requests.post("https://example.com/login", data={"user": username, "pass": password})
</pre>
</div>
</div>
<p class="detection"><strong>Detection:</strong> Network monitoring, code review, SAST.</p>
<div class="links">
Reference: <a href="https://cwe.mitre.org/data/definitions/319.html" target="_blank">CWE-319</a>
</div>
<div class="services">
<strong>🔧 Services we offer:</strong>
<span>SonarQube Setup Assistance</span>
<span>Source Code Review</span>
</div>
</div>
<!-- Final Section -->
<div class="final-section">
<h2>🔧 How Our Services Help</h2>
<ul>
<li><strong>SonarQube Setup Assistance:</strong> Detects hard-coded secrets, insecure storage/transmission, logging of sensitive data, repository leaks, database password exposure, and insecure transmission.</li>
<li><strong>Source Code Review:</strong> Expert review of AI-generated code for all sensitive data vulnerabilities.</li>
<li><strong>Software Composition Analysis:</strong> Detects vulnerable dependencies or misconfigured packages affecting sensitive data handling.</li>
<li><strong>Software Licence Analysis:</strong> Ensures compliance for third-party components in AI-generated projects.</li>
</ul>
</div>
</section>
</body>
</html>
|