Hello and welcome to the Monday, March 3, 2025 edition of the Sands and at Stormsiders Stormcast.

My name is Johannes Ulrich, and today I'm recording from Baltimore, Maryland.

Well, let's start today with some stories about AI training data.

And the first one here comes from Truffle Security.

Truffle Security, of course, is the company behind Traffle Hawk,

the very frequently used well-respected tool allows you to identify API keys,

and other secrets that you may leak in Git or other repositories and such.

So Truffle Security took a big database, in Git or other repositories and such.

So travel security took a big database of AI training data that's being offered by Common Crawl.

Common Crawl is going out and sputtering the web for many years now to have something like 400 terabytes of data that they're

offering. And, well, it shouldn't really be a surprise because it's the same thing that we had with

Google and other web spiders that offer them the data publicly, that it now becomes, well,

rather be straightforward to find things like API keys that people leaked on their websites.

A little bit tricky here that this data is also historic data. I believe they're doing this for the last 10 years or such.

So it is not just current data. Now, sites like Google, they offer some historic data, but usually focus more on current data.

They found, again, 12,000 what the travel security considers life keys, which means that they work according to

Truffle Hawk. Traffle Hawk has a little sort of test feature that allows you to make sure that these

are not just simple sample or expired credential that being used here.

They point out in their paper that this number of roughly 12,000 secrets is, of course,

just an estimate.

There are some that they missed just because they were

formatted not correctly. And then of course, always a little bit tricky to figure out if they're

...