When API Keys Leak: Securing AI Services with Post-Quantum Proof-of-Possession

Sunwoo Lee, Hyuk Lim, Seunghyun Yoon

Published: 2026, Last Modified: 25 May 2026, ICAIIC 2026, CC BY-SA 4.0
Abstract: API keys remain the de facto authentication mechanism for AI services, yet modern software supply chains routinely expose them through container images, build artifacts, and automation pipelines. In AI platforms, a single leaked key often acts as a high-privilege machine identity enabling access to model inference, retrieval pipelines, and tool integrations, turning credential exposure into an enterprise-scale security incident. We propose a leak-resilient authentication architecture that preserves existing provider APIs while preventing unauthorized use under realistic client-side key leakage. Our design enforces post-quantum proof-of-possession at an organizational gateway and combines workload identity, KMS-backed non-exportable signing, DPoP-bound OAuth tokens, and gateway-side verification before provider API key injection. The architecture removes provider API keys and private signing keys from leak-prone client artifacts and breaks the direct path from artifact leakage to provider-side abuse. We describe the end-to-end system design and an evaluation methodology based on realistic key leakage and replay scenarios in AI service settings.