AI-Service Leaks - GitGuardian Reports 29M Secrets Exposed

What Happened

In a startling report, GitGuardian unveiled that 2025 saw an 81% surge in leaks related to AI services, with a staggering 29 million secrets exposed on public GitHub repositories. This increase is attributed to the rapid adoption of AI in software development, which has outpaced the ability to manage and secure sensitive information effectively. The report, part of GitGuardian's fifth edition of the "State of Secrets Sprawl," indicates that the secret leak rate for AI-assisted coding is alarmingly high, averaging 3.2%, compared to a baseline of 1.5%.

The report highlights a significant change in the software landscape. The number of public commits has increased by 43% year-over-year, and the rate of secret leaks is growing even faster than the developer population. This means that while more developers are contributing to projects, the risk of exposing sensitive information is escalating at an unprecedented rate.

Who's Affected

The implications of these findings are extensive, affecting organizations across various sectors that utilize AI in their software development processes. Developers, especially those using AI tools like Claude Code, are at a higher risk of unintentionally leaking sensitive information. The report emphasizes that internal repositories are particularly vulnerable, being six times more likely to contain hardcoded secrets compared to public ones.

Additionally, the report reveals that 28% of incidents stem from leaks in collaboration tools, indicating that sensitive information is not just confined to code repositories. This broad exposure raises concerns for security teams who must now contend with a more complex threat landscape.

What Data Was Exposed

GitGuardian's findings show that 1,275,105 AI service credentials were leaked, marking a significant rise in the number of exposed secrets. These leaks are particularly concerning because they often slip through security measures designed for traditional workflows. The report also highlights that long-lived secrets dominate the landscape, with 60% of policy violations involving credentials that persist over time.

Moreover, the report indicates that remediation efforts are failing at scale, with 64% of valid secrets from 2022 still unrevoked in 2026. This lack of effective governance and remediation strategies poses a serious risk to organizations relying on AI technologies.

What You Should Do

Organizations must adapt their security strategies to address the growing risks associated with AI service leaks. This includes implementing stronger governance for non-human identities (NHIs) and enhancing training for developers using AI tools. Security teams should prioritize identifying and managing exposed secrets, ensuring that sensitive information is not hardcoded in repositories or configuration files.

Investing in tools that can automate the detection and remediation of leaked secrets is crucial. GitGuardian's report suggests that organizations need to treat NHIs as first-class assets, integrating dedicated governance and context into their security programs. By doing so, they can better protect against the rising tide of AI-related leaks and secure their sensitive information.