Streamlit apps commonly exposed to internet and missing auth (www.upguard.com)

🤖 AI Summary
A recent analysis by UpGuard found significant security risks in shadow AI applications built with Streamlit, an open-source framework for quickly turning Python scripts into web applications. As productivity demands soar, the number of such applications could grow to 100,000 by the end of 2025. Alarmingly, many of these applications are exposed to the internet without proper authentication, leading to potential data breaches. Of nearly 15,000 identified self-hosted Streamlit applications, over 10,000 allowed public access, with instances of sensitive data, including personal information and confidential business intelligence, readily available online. This has serious implications for the AI and machine learning community, because the growth of shadow AI apps significantly expands the attack surface without adequate oversight. Organizations must prioritize security by implementing proper access controls and avoiding public hosting for applications that handle sensitive data. The findings stress the importance of integrating security measures into the development and management of such tools, as improperly configured applications can lead to substantial data exposure risks. As AI tools become more common across sectors, vigilance in securing these applications will be crucial to protecting valuable data assets.