AI leaks your company’s code secrets faster than ever

· Source: Pivot to AI · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy, Software Development & Engineering · Depth: Intermediate, medium

Summary

GitGuardian's "State of Secrets Sprawl" report, published in March, revealed a critical surge in hardcoded secrets, with 28.65 million new instances found in public GitHub commits during 2025. This represents a 34% increase from 2024, marking the largest single-year jump ever recorded. The report firmly attributes this escalation to AI coding, noting that eight of the ten fastest-growing types of leaked secrets are linked to AI services, with LLM infrastructure leaking five times faster than core model providers. Specifically, developers using Claude Code leak secrets at twice the baseline rate, with Claude Code and OpenClaw being major contributors to these leaks. The problem extends to internal repositories, which hold six times more secrets than public ones, as exemplified by the Red Hat Consulting GitLab breach in September. Alarmingly, 64% of secrets leaked in 2022 remain valid and vulnerable, indicating a widespread failure to remediate these exposures.

Key takeaway

For AI Security Engineers overseeing development, the escalating rate of hardcoded secrets due to AI coding demands urgent attention. Your current secret detection methods are insufficient if 64% of leaks remain valid. You must implement robust preventative processes to block secret commits, educate your teams on secure credential management, and reduce over-reliance on AI bots for security-critical code. Prioritize security over development convenience to mitigate severe data breaches.

Key insights

AI coding tools significantly accelerate the hardcoding and leaking of sensitive secrets, creating widespread vulnerabilities.

Principles

Method

First, understand the specific secret sprawl problem, then establish processes to prevent secret commits, and ensure developers comprehend the risks.

In practice

Topics

Best for: CTO, VP of Engineering/Data, AI Architect, Software Engineer, AI Security Engineer, Director of AI/ML

Related on AIssential

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by Pivot to AI.