AI Credentials Are The Real Attack Surface

Two recent attacks on LiteLLM and Anthropic's Claude Code exploited credentials, not code vulnerabilities. Malicious PyPI versions exfiltrated OpenAI, Anthropic, AWS, and Kubernetes keys. Claude Code leaked 512,000 lines of source code. Firewalls and scanners missed both attacks because the attack surface was credential infrastructure.