In 2026, the phenomenon of secrets sprawl continued to escalate, with security teams struggling to keep pace. GitGuardian’s latest report, ‘State of Secrets Sprawl 2026’, highlights the significant growth in hardcoded secrets across public GitHub repositories. The report identifies 29 million new instances in 2025, marking a 34% increase from the previous year and the most substantial annual rise to date.
Key Trends in Secrets Exposure
The report reveals three major trends reshaping the cybersecurity landscape. Firstly, the integration of AI technologies has significantly altered the ways in which credentials are leaked. Secondly, internal systems are more vulnerable than organizations often realize. Lastly, the process of remediation remains a critical challenge for the industry.
GitGuardian’s findings emphasize that the proliferation of secrets is outstripping the growth of the developer community. Since 2021, the number of leaked secrets has surged by 152%, whereas GitHub’s public developer base has grown by 98%. The rise of AI-assisted coding is contributing to this increase, highlighting the limitations of detection methods alone.
Impact of AI Services on Credential Leaks
AI services have emerged as a major driver of credential leaks. In 2025, GitGuardian detected over 1.27 million leaked secrets linked to AI services, an 81% increase from the previous year. The growth of AI infrastructure, such as retrieval APIs and orchestration tools, is widening the attack surface and calls for robust security strategies around AI deployments.
Internal repositories pose a significant risk, being six times more likely to harbor leaked credentials than public ones. GitGuardian’s analysis shows that 32.2% of internal repositories contain hardcoded secrets, compared to 5.6% of public repositories. These leaks involve high-value assets, emphasizing the need for enhanced internal security measures.
Broader Implications and Future Outlook
Beyond repositories, 28% of credential leaks in 2025 were traced back to collaboration tools like Slack and Jira. Such incidents are particularly concerning, as 56.7% of these leaks were rated critical. This data underscores the need for comprehensive monitoring beyond source code alone.
Moreover, self-hosted systems such as GitLab and Docker registries contribute to the exposure of secrets, with leaks occurring at three to four times the rate of public GitHub. The persistence of valid credentials over time, with 64% of those leaked in 2022 still active, highlights the urgent need for automated credential rotation and revocation processes.
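The two points above, monitoring beyond source code and flagging long-lived credentials for rotation, can be demonstrated with a small scanner. This is an added example written for this article, not GitGuardian's tooling; the sample inputs (a settings file, a Slack message, a Jira comment, a README), the detection regex, the entropy threshold and the 90-day rotation policy are all constructed assumptions.

```python
import math
import re
from datetime import date

# Constructed samples: (source, date first seen, text). None are real credentials.
SAMPLES = [
    ("app/settings.py", date(2022, 3, 14),
     'OPENAI_API_KEY = "sk-constructedA1b2C3d4E5f6G7h8I9j0K1l2"'),
    ("slack:#deploy", date(2025, 11, 2),
     "here is the prod token: token=ghp_ConstructedXy9Qw8Er7Tz6Ui5Op4As3Df"),
    ("jira:OPS-12", date(2025, 12, 1),
     "password = 'xxxxxxxxxxxxxxxxxxxx'  # placeholder, fill in from vault"),
    ("README.md", date(2024, 1, 9),
     "Set API_KEY to the value in the vault (see docs/secrets.md)"),
]

# Assumed pattern: a secret-like name assigned a value of 16+ token characters.
ASSIGNMENT = re.compile(
    r"(?i)(api[_-]?key|secret|token|password)\s*[:=]\s*['\"]?([A-Za-z0-9_\-]{16,})")
MIN_ENTROPY = 3.0   # bits per char; placeholders sit below, generated tokens above
MAX_AGE_DAYS = 90   # assumed rotation policy: older findings are overdue

def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s; high values suggest a generated secret."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def scan(source, first_seen, text, today=date(2026, 1, 1)):
    """Return one finding per high-entropy assignment, with age and rotation status."""
    findings = []
    for m in ASSIGNMENT.finditer(text):
        name, value = m.group(1), m.group(2)
        ent = shannon_entropy(value)
        if ent < MIN_ENTROPY:          # skips 'xxxx...' style placeholders
            continue
        age = (today - first_seen).days
        findings.append({"source": source, "name": name, "entropy": round(ent, 2),
                         "age_days": age, "rotation_overdue": age > MAX_AGE_DAYS})
    return findings

def scan_all(samples=SAMPLES):
    """Run the same detector over code and collaboration-tool text alike."""
    return [f for src, seen, text in samples for f in scan(src, seen, text)]

if __name__ == "__main__":
    for finding in scan_all():
        print(finding)
```

On the constructed samples the scanner reports the settings-file key (overdue for rotation) and the Slack token (recent), while the placeholder password and the README reference produce no finding.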
As AI continues to integrate into development environments, the concept of non-human identity governance becomes crucial. Organizations must focus on identifying and managing non-human identities, adopting short-lived, identity-driven access, and implementing secrets vaulting as standard practice.
The landscape of secrets sprawl is evolving rapidly, driven by AI adoption and the increasing complexity of software delivery ecosystems. Security programs must adapt to these changes by enhancing visibility across systems and developing effective remediation strategies to protect critical assets in this dynamic environment.
