Follow the data to learn the secret
Dylan Ayrey
BSidesSF 2026 · Day 1 · AMC Theatre 14
In this compelling talk, Dylan Ayrey, CEO and co-founder of Truffle Security, unveils a staggering problem: the pervasive leakage of sensitive data, including hundreds of thousands of live API keys, passwords, and personal information, across the vast landscape of open-source AI datasets hosted on **Hugging Face**. While his company, built on the popular open-source tool **TruffleHog**, traditionally focuses on finding secrets in conventional repositories, Ayrey's research reveals that the burgeoning world of AI data aggregation has inadvertently become a colossal reservoir for exposed credentials and private information, often with severe legal, privacy, and security ramifications.
AI review
Ayrey brings real scan data — 100k live secrets across a platform that most security people haven't thought to look at yet — and builds a coherent narrative around why this problem is structurally unfixable, not just a collection of oopsies. The data curation bias finding (sandboxes preferentially retain hardcoded keys because they execute cleanly) is the kind of second-order insight that separates actual research from a grep report.