GitHub secrets leak surges as AI coding tools backfire

Craig Nash
By
Craig Nash
Tech writer at All Things Geek. Covers artificial intelligence, semiconductors, and computing hardware.
9 Min Read

The GitHub secrets leak problem has spiraled into a full-blown crisis. GitGuardian’s State of Secrets Sprawl 2026 report documents 28.65 million new hardcoded secrets added to public GitHub commits in 2025, a staggering jump that underscores how developers continue to accidentally expose API keys, tokens, and credentials at scale. The worst part? The tools meant to help developers write code faster are making the problem worse.

Key Takeaways

  • 28.65 million hardcoded secrets leaked on GitHub in 2025, up from 23.77 million in 2024
  • Repositories using GitHub Copilot had a 6.4% secret leakage rate, 40% higher than the average
  • 70% of secrets leaked in 2022 remain active and exploitable as of 2025
  • 65% of 50 major AI companies leaked verified secrets like API keys and tokens
  • Private repositories are 9 times more likely to contain plaintext secrets than public ones

AI Coding Tools Are Amplifying the Sprawl

The rise of AI-assisted coding has introduced a new vulnerability vector: developers writing code faster without thinking about security consequences. Public repositories using GitHub Copilot show a 6.4% secret leakage rate, roughly 40% higher than the average across all repositories. Copilot usage itself jumped 27% between 2023 and 2024, meaning more developers are relying on AI suggestions that frequently include hardcoded credentials pulled from training data. This is not a coincidence. When developers work faster, they cut corners on security hygiene, and AI tools amplify that tendency by generating plausible-looking but insecure code patterns.

The problem extends far beyond casual developers. Wiz researchers scanning 50 companies from the Forbes AI 50 list found that 65% had leaked verified secrets—API keys, tokens, and credentials—scattered across deleted forks, gists, and repositories. ElevenLabs API keys appeared in plaintext, linked to what researchers call “vibe coding,” the practice of writing code based on intuition rather than secure patterns. HuggingFace tokens in a deleted fork exposed 1,000 private models and sensitive training details. These are not small mistakes by junior developers—these are breaches at well-funded AI companies with security teams.

The GitHub Secrets Leak Problem Runs Deeper Than Copilot

AI tools are a symptom, not the root cause. The fundamental issue is that developers treat public repositories as private, and organizations misconfigure access controls on sensitive projects. Private repositories scanned by GitGuardian contained plaintext secrets in 35% of cases, nine times higher than public repositories. The assumption seems to be that privacy settings will protect credentials, but deleted commits, force-pushed branches, and archived repositories remain permanently accessible through GitHub’s data archive and third-party tools.

Researcher Sharon Brizinov from Truffle Security demonstrated this vulnerability by mining GitHub’s archive for “oops commits”—commits that developers force-pushed or deleted after realizing their mistake. The archive, maintained since 2020, preserved thousands of secrets including GitHub personal access tokens, AWS credentials, MongoDB credentials, and even an admin token for Istio repositories. These discoveries led to approximately $25,000 in bug bounties, but they also exposed a harsh truth: there is no reliable way to delete a commit once it leaves your local machine. Once pushed, assume it is permanently exposed.

Why GitHub Push Protection Fell Short

GitHub offers Push Protection, a feature designed to block commits containing secrets before they reach the repository. Yet the tool has significant blind spots. MySQL and MongoDB credentials slip through undetected, meaning common database access patterns remain unprotected. Generic secrets—placeholder credentials, default tokens, and common patterns—comprise 58% of all leaked credentials, and many of these bypass automated detection. The tool works only on new commits; it cannot remediate secrets already in the repository or in the archive.

GitGuardian detected 1.9 million pro-bono alerts in 2025, yet 15% of commit authors leaked a secret at some point. The sheer volume suggests that awareness and tooling alone cannot solve the problem. Developers need structural changes: centralized secrets management, automated rotation policies, and clear organizational guidelines. GitGuardian recommends deploying real-time monitoring across all environments, implementing centralized detection across repositories and containers, enforcing semi-automated secrets rotation to eliminate long-lived credentials, and providing developers with clear vault usage guidelines. None of these are novel ideas, yet adoption remains spotty.

The Persistence Problem: Old Secrets Stay Active

One of the most alarming findings is that 70% of secrets leaked in 2022 remain active as of 2025. Three-year-old credentials are still valid, still exploitable, and still sitting in public archives. This suggests that organizations leak secrets, fail to detect the leak, and never rotate the affected credentials. An attacker with access to GitHub’s archive can harvest years of exposed tokens and methodically test them against live systems. The window for exploitation is not days or weeks—it is indefinite.

This persistence problem reveals a gap between detection and response. GitGuardian can identify leaks, but organizations must act on alerts, rotate credentials, and audit access logs. Truffle Security’s open-source Force Push Scanner, released to mine orphaned commits via BigQuery and TruffleHog, provides another detection layer, but detection without response is theater. The real challenge is organizational discipline and the willingness to treat secrets exposure as a critical incident, not a minor logging event.

Is AI-assisted coding fundamentally incompatible with security?

Not inherently, but the current generation of AI coding tools trains on public code, including insecure patterns and leaked credentials. Without guardrails, these tools will suggest code that mirrors their training data—which includes plenty of hardcoded secrets. Organizations using Copilot or similar tools must implement stricter pre-commit scanning, enforce mandatory secrets rotation, and educate developers on why AI-generated code requires the same security review as human-written code.

What should developers do if they discover a leaked secret?

Immediately revoke the credential and rotate it to a new value. Assume the old credential is compromised and in the hands of attackers. Check access logs for unauthorized activity using that credential. If the secret is part of an organizational system (AWS, database, API), audit all access since the leak date. Document the incident and report it internally—treating leaks as learning opportunities rather than career-ending mistakes encourages developers to report them quickly instead of burying them.

Can GitHub’s archive be purged of old secrets?

No. Once a commit is pushed and archived, deletion is not reliable. GitHub maintains historical data, and third-party tools like the GitHub Archive preserve commits in BigQuery. The only practical defense is prevention: never commit secrets in the first place, use centralized secrets management, and rotate credentials regularly so that leaked old secrets become worthless.

The GitHub secrets leak crisis is not a technology problem—it is a culture and process problem. AI coding tools have accelerated the pace of development, but they have not changed the fundamental requirement that secrets must be managed separately from code. Until organizations enforce that discipline, the sprawl will continue, old credentials will remain exploitable, and AI tools will keep generating code that looks secure on the surface but leaks credentials in the background. The 28.65 million secrets exposed in 2025 are not an anomaly; they are a warning that the current approach to secrets management is broken.

Edited by the All Things Geek team.

Source: TechRadar

Share This Article
Tech writer at All Things Geek. Covers artificial intelligence, semiconductors, and computing hardware.