The Mythos-ready briefing, co-signed by 60+ security leaders including Jen Easterly and Bruce Schneier, names secrets rotation, non-human identity (NHI) governance, and honeytokens as critical controls for the AI vulnerability era. Despite fears that AI-powered zero-days will dominate, stolen credentials remain the leading breach vector (22% of all breaches per 2025 Verizon DBIR). AI is accelerating credential sprawl: 29 million hardcoded secrets were exposed on public GitHub in 2025, a 34% YoY increase, with AI service credentials surging 81%. Non-human identities now outnumber humans 25-50x in enterprises, yet most organizations lack an inventory. The post argues credential hygiene — detection, rotation, NHI ownership mapping, and honeytoken deployment — should be on the 45-day priority track, not treated as secondary to environment hardening. GitGuardian's platform is positioned as the solution for continuous secrets detection and NHI governance.
Table of contents
What the paper says about credentialsAI is accelerating the credential sprawl that underlies all of thisWhat security teams actually needA case for moving credential hygiene up the priority listSort: