GitGuardian's 5th annual State of Secrets Sprawl report reveals that 29 million secrets were detected on public GitHub in 2025, a 34% year-over-year increase and the largest single-year jump ever recorded. AI-assisted coding is a key driver: Claude Code commits leaked secrets at 3.2%, double the 1.5% baseline, and AI service credential leaks surged 81% YoY to over 1.27 million. MCP configuration files contributed 24,008 exposed secrets. Internal repositories remain 6× more likely to contain hardcoded secrets than public ones, and 64% of valid secrets leaked in 2022 remain unrevoked in 2026. The report highlights nine key findings for CISOs, emphasizing that non-human identities need dedicated governance, not just detection, as remediation continues to lag behind the pace of exposure.