WordPress 7.0 ships with native AI integration, and within days a security researcher at Patchstack warned that the release creates "an absolute rush by hackers" to steal AI API keys stored on WordPress sites. Within the same week, a real bug surfaced in the new Connectors screen where API keys appear in plain text in browser autofill dropdowns. For small business owners running WordPress, this is a five-alarm fire worth understanding before you click update.

The risk is not theoretical. AI API keys are essentially prepaid cash that gets billed to your credit card every time the key is used, and a single compromised key can rack up tens of thousands of dollars in charges in days. Hackers steal these keys to run bot networks on social media and dating apps, to write malware at scale, and to power phishing campaigns that look like a real person typed them. According to Oliver Sild, the founder of Patchstack, "WordPress 7.0 combined with plugin vulnerabilities = free AI tokens." He is not speculating. He has watched the same dynamic play out across the WordPress plugin ecosystem for years, and the addition of monetizable AI credentials inside the CMS makes every site that connects to OpenAI, Anthropic, or Google Gemini a far more attractive target than it was a month ago.

The concrete bug that surfaced within days of the 7.0 release shows how real the exposure is. When you paste an Anthropic API key into the new Connectors setup form in WordPress admin, the value of the key is exposed in the browser's autofill suggestion dropdown as plain text. Anyone sharing your computer, recording your screen, or shoulder-surfing a Zoom call can grab it. The official WordPress trac ticket, numbered 65303, describes it as a missing secure password field treatment. Until it is fixed, the practical workaround is to use a unique throwaway key per site, set strict spending limits on your AI provider account, and never paste keys on shared or recorded screens.

The deeper problem is architectural. WordPress's plugin trust model was designed in an era when the worst thing a compromised plugin could leak was your email subscribers or a database dump. Now, the same vulnerability can drain your bank account through AI usage charges. Developers in the WordPress community are openly discussing whether the platform needs a more granular permission system that controls which plugins and themes can touch sensitive credentials. As one commenter put it bluntly, "once they have access to the database, you are doomed." That is not a problem any individual plugin can solve, and it is not something you can patch with a security plugin.

So what should you actually do this week. First, audit which of your WordPress sites have AI integrations enabled and what API keys are stored in your database. Second, set a hard monthly spending cap on every AI provider account you have connected. Third, rotate any key that has ever lived in a WordPress admin screen, browser autofill, or shared recording. Fourth, if you are not actively using AI features on a given site, delete the keys and disable the connector entirely. A site that does not hold a key is a site that cannot be drained.

The bottom line is that WordPress 7.0 is a genuine leap forward for the platform, and the AI integration is genuinely useful. It is also the first WordPress release where an old, unpatched plugin can cost you five figures in a single weekend. Update to 7.0, but treat every API key on your site like the credit card number it effectively is.