Inzamam Nizam
Jul 03, 2026
Researchers at Wake Forest University tested 444 AI chatbot apps on the US App Store using a traffic-analysis tool they built called LLMKeyLens. By observing what each app sent over the network, no jailbreaking or reverse engineering required, they captured working credentials for paid AI services including OpenAI and Google Gemini in 282 apps.
The team described the finding as "a widespread and systemic issue in the iOS ecosystem," noting that the problem reached from niche apps to titles with hundreds of thousands of users. The leaks spanned at least ten AI providers and 13 app categories, with productivity apps the largest affected group and health & fitness apps showing the highest leak rate.
(Source: Mind your key: An Empirical Study of LLM API Credential Leakage in iOS Apps, Wake Forest University)
Only 28% had clearly fixed the issue three months after notification. A further 23% remained actively exploitable, with the leaked credentials still functional. The remainder had either gone offline, become unreachable, or returned errors, leaving their true status unresolved.
A 2025 study known as LM-Scout uncovered the same insecure AI wiring across Android apps and was able to automatically break into 120 of them. A separate, larger audit called Leaky Apps extracted secrets from thousands of Android and iOS apps and found that developers routinely fail to revoke old keys even after removing them from an app, leaving the outdated credentials live and exploitable.
The researchers also caution that their two-thirds figure is likely an undercount, since many apps blocked traffic interception entirely. It's also worth noting that the study covers only the US App Store as of late 2025, meaning the true global scale of the problem is likely higher still.
The fix is old advice, rarely followed: never embed API keys in client-side code, route all AI calls through a server you control, authenticate every request to that server, and revoke any credential that has ever shipped inside an app. Give importance to understanding what cybersecurity is and take proactive steps to maintain high security measures.
Beyond developer fixes, the researchers recommend that AI providers take a more active role in prevention. This includes clearly labelling client-side embedded keys as inherently unsafe within their own documentation, and building in automatic detection for keys that suddenly show unusual activity, such as being used by thousands of devices at once.
You don't need to break in when the door's already open. Every technique here- traffic interception, credential harvesting, token replay is beginner material in ethical hacking. That it still works at scale on live AI apps is the real story."
- Inzamam Nizam, Cyber Security & Security Engineer, Edoxi Training Institute
"Most products that use security are not designed by anyone with security expertise. Security cannot be functionality-tested; no amount of beta testing will uncover security flaws, so the flaws end up in fielded products."
Bruce Schneier, Renowned Security Technologist
The techniques identified in this study are not new; what has shifted is the value of the underlying target. AI credentials now rank among the most costly secrets an application can expose, driving increased demand for professionals capable of identifying and remediating precisely these vulnerabilities.
The findings align closely with established cybersecurity certification pathways. Edoxi's CEH Course addresses the traffic analysis and credential-based attack methods employed in this research.
The CISSP Course covers the secure architecture principles that, if applied, would have prevented the majority of these exposures; the CND Course focuses on network defence and secure communications protocols; and the CSA Course develops the SOC monitoring capabilities required to detect a compromised key being exploited at scale. Professionals seeking a suitable entry point can explore the full range of cybersecurity courses available.
Cyber Security & Security Engineer
Inzamam Nizam is a Cyber Security & Security Engineer with over six years of experience in offensive cybersecurity, vulnerability research, and application security. His expertise includes mobile (iOS/Android), web, and network penetration testing, secure code review, red teaming, exploit development, and secure architecture assessments. Recognised in the SynAck Hall of Fame for discovering critical security vulnerabilities, he is passionate about helping organisations strengthen their security posture through practical, research-driven approaches. Throughout his career, Inzamam has led security assessments, adversary emulation exercises, and secure development initiatives across diverse industries, including banking and enterprise environments. He has contributed to innovative cybersecurity projects such as SPELL-BOUND, an open-source adversary emulation framework, GHOSTWARE AI, an AI-powered security assessment platform, and KAEDAE, a behaviour-based keylogger detection solution. Through his writing, he shares practical insights, emerging attack techniques, and defensive strategies to help security professionals stay ahead of the evolving threat landscape.