AI/ML, Generative AI, Application security, DevSecOps, Identity, Supply chain

AI coding assistants twice as likely to leak secrets, as overall leaks rise 34%

Secrets leaked via public GitHub commits rose by 34% in 2025, as commits co-authored by AI assistants were twice as likely to leak secrets, GitGuardian found.

GitGuardian’s The State of Secrets Sprawl 2026 report published Tuesday marked the highest-ever increase in leaked secrets since the first report in 2021, and also revealed an 81% increase in leaked secrets tied to AI services.

The total number of leaked secrets was about 28.65 million in 2025, up from about 21 million in 2024. In 2021, the number of leaked secrets was just 11 million, demonstrating an acceleration in secrets exposure.

GitGuardian also found that public commits co-authored by Claude Code leaked secrets at roughly twice the baseline rate: 1.5% of all public commits leaked at least one secret, compared with 3.2% of commits co-authored by Claude Code.

However, the researchers also noted that the number of secrets per 1,000 commits leaked by Claude Code versus human developers began to converge around September 2025, coinciding with the release of Claude Sonnet 4.5.

The number of AI-related secrets leaked in 2025 was 1,275,105. Secrets tied to supporting infrastructure such as orchestration tools, retrieval-augmented generation (RAG) tools and vector storage were five times more likely to be leaked than those tied to core services like OpenAI or Anthropic.

Eight of the top 10 fastest-growing types of leaked secrets were AI-related, and OpenRouter topped the chart with a 48-fold year-over-year increase in leaked secrets. GitGuardian also found more than 24,000 secrets exposed via public Model Context Protocol (MCP) configurations in the first full year of the protocol's adoption.

A large proportion of the exposed secrets discovered by GitGuardian in previous years remained valid in 2025, with 64% of secrets exposed in 2022 still active.

The second wave of the Shai-Hulud supply chain attack in late 2025 revealed the extent of secrets present on developers' machines: nearly 300,000 secret occurrences were tracked, 33,185 unique secrets were identified and 3,760 were still valid at the time of GitGuardian's analysis. While the majority of compromised machines held 10 or fewer secrets, about 30% carried more than 10 and 5% carried more than 100.

Beyond public GitHub activity, GitGuardian also found secrets exposure within internal repos, which were six times more likely to contain hardcoded secrets than public repos. Overall, about a third of internal repositories contained hardcoded secrets, posing potential risks in the case of a developer compromise, insider threat or failure to remove these secrets when repos are later published.

Copying and pasting of plaintext credentials and access keys into collaboration tools like Slack, Jira and Confluence also made up a substantial chunk of internal secrets exposure, accounting for 28% of internal incidents. These incidents were also more likely to be classed as high or critical severity – 91% compared with 86% for internal source code leaks.

About 80,000 secrets were also found to be publicly exposed due to self-hosted GitLab and Docker instances being inadvertently exposed to the internet. About 10,000 of these secrets were found to be valid, posing a significant risk.

Overall, GitGuardian recommended developers scan code changes for secrets before committing them and treat internal repositories as a first-class leak source rather than relying on “security through obscurity.”

Storing secrets in a secure, centralized vault and automating the rotation of secrets is also recommended; additionally, GitGuardian encourages the rotation of leaked secrets to be prioritized based on overall risk level rather than just whether the secret can be validated.
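The "scan before you commit" recommendation is straightforward to wire into a pre-commit hook. The following is an added example, not GitGuardian's tooling or code from the report: it scans only the added lines of a unified diff (the output of `git diff --cached`), flags a few well-known key formats, and applies a Shannon-entropy heuristic to values assigned to secret-looking names, while letting environment-variable indirection such as `"${API_TOKEN}"` through. The regexes, the 3.5 bits/character threshold and the sample diff (including the MCP-style `mcp.json` fragment) are all illustrative constructions, not a vendor detector set.

```python
"""Minimal staged-change secret scanner (added example, not GitGuardian code).

Usage as a pre-commit hook:  python scan_staged.py   (exit 1 blocks the commit)
Offline demo on the constructed diff below: python scan_staged.py --demo
"""
import math
import re
import subprocess
import sys
from collections import Counter

# Simplified, illustrative formats (assumptions, not a vendor detector set).
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "openai_style_key": re.compile(r"\bsk-[A-Za-z0-9_-]{20,}\b"),
    "private_key_block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}
# NAME = "value" or "NAME": "value" where the name hints at a credential.
ASSIGNMENT = re.compile(
    r"""(?i)["']?([A-Z0-9_]*(?:key|secret|token|password|passwd)[A-Z0-9_]*)["']?"""
    r"""\s*[:=]\s*["']([^"'\s]{16,})["']"""
)
ENTROPY_THRESHOLD = 3.5  # bits/char; tunable assumption, random keys score ~4+
PLACEHOLDER_PREFIXES = ("${", "<", "changeme", "your_", "xxx")


def shannon_entropy(s: str) -> float:
    """Bits per character of the string's empirical symbol distribution."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def scan_line(line: str) -> list:
    """Return (detector, matched_value) findings for one line of text."""
    findings = [(name, m.group(0)) for name, pat in PATTERNS.items()
                for m in pat.finditer(line)]
    seen = {value for _, value in findings}
    for m in ASSIGNMENT.finditer(line):
        value = m.group(2)
        # Env-var references and obvious placeholders are what we WANT committed.
        if value in seen or value.lower().startswith(PLACEHOLDER_PREFIXES):
            continue
        if shannon_entropy(value) >= ENTROPY_THRESHOLD:
            findings.append(("high_entropy_assignment", value))
    return findings


def scan_diff(diff_text: str) -> list:
    """Scan only the added ('+') lines of a unified diff, tracking the file path."""
    results, path = [], None
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:].removeprefix("b/")
            continue
        if not raw.startswith("+") or raw.startswith("+++"):
            continue
        for detector, value in scan_line(raw[1:]):
            # Never echo the full secret back into terminal logs or CI output.
            masked = value[:4] + "..." + value[-2:]
            results.append({"path": path, "detector": detector, "masked": masked})
    return results


# Constructed sample diff: hardcoded AWS key, random-looking DB password, an
# env-var indirection that must NOT fire, and an MCP client config with a key.
SAMPLE_DIFF = """\
diff --git a/config/settings.py b/config/settings.py
--- a/config/settings.py
+++ b/config/settings.py
@@ -1,3 +1,5 @@
 import os
-AWS_ACCESS_KEY_ID = os.environ["AWS_ACCESS_KEY_ID"]
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+DB_PASSWORD = "Zx9mQ2vL8nR3tYb7Kd4Wp6Jc"
+API_TOKEN = "${API_TOKEN}"
diff --git a/.cursor/mcp.json b/.cursor/mcp.json
--- a/.cursor/mcp.json
+++ b/.cursor/mcp.json
@@ -0,0 +1,10 @@
+{
+  "mcpServers": {
+    "search": {
+      "command": "npx",
+      "env": {
+        "OPENAI_API_KEY": "sk-proj-EXAMPLEabcdefghijklmnopqrstuvwxyz0123456789"
+      }
+    }
+  }
+}
"""


def main(argv: list) -> int:
    """Pre-commit entry point: non-zero exit when any finding is present."""
    if "--demo" in argv:
        diff = SAMPLE_DIFF
    else:
        diff = subprocess.run(["git", "diff", "--cached", "--unified=0"],
                              capture_output=True, text=True, check=True).stdout
    findings = scan_diff(diff)
    for f in findings:
        print(f"{f['path']}: {f['detector']} ({f['masked']})")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Two design points matter in practice. Findings are deduplicated so a value caught by a format detector is not reported twice by the entropy heuristic, and the scanner only reads added lines, so an existing leak is not re-flagged on every unrelated commit (it still has to be rotated, which this hook does not do). The entropy check is deliberately a backstop: it catches random-looking strings that no prefix pattern knows about, but it will miss dictionary-word passphrases and will flag some long hashes, so a real deployment pairs it with an allowlist and, per the report's advice, with detection on internal repositories and chat tools rather than public GitHub alone.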
