“Former #WordPress AI Team co-rep #JamesLePage acknowledged the risk but argued it wasn’t unique to WordPress. “An #APIkey is an API key,” LePage wrote, noting that the Connectors implementation requires multiple deliberate steps before AI is usable, including updating to #WordPress7, installing a connector plugin, obtaining and entering an API key. He said the risk was comparable to a poisoned NPM supply chain attack or a leaked GitHub secret.”

https://www.therepository.email/patchstack-ceo-warns-wordpress-7-0-could-trigger-absolute-rush-to-steal-ai-api-keys