Summary: GitGuardian’s 2025 State of Secrets Sprawl report highlights the critical issue of secrets exposure in software environments, revealing a staggering increase in leaked secrets driven by the prevalence of non-human identities (NHIs). The report underscores the security challenges posed by mismanaged machine credentials and the misconception of safety in private repositories. It calls for a comprehensive approach to secrets management to mitigate the escalating risks associated with automated and AI-assisted development practices.
Affected: Software Development Organizations, IT Security Teams
Key points:
- 23.77 million new secrets were leaked on GitHub in 2024, a 25% increase from 2023.
- NHI secrets now outnumber human identities by at least 45-to-1 in DevOps environments.
- 70% of secrets detected in public repositories since 2022 remain active today.
- Private repositories are 8 times more likely to contain secrets than public ones.
- Repositories with AI tools like GitHub Copilot have 40% higher rates of secret leaks.
- More than 100,000 valid secrets were exposed in public Docker images, mostly in image layers.
- Collaboration tools are significant vectors for credential exposure, often leading to critical incidents.
- 99% of GitLab API keys have excessive permissions, increasing the risk of data breaches.
- Even with secrets management tools, a 5.1% incidence rate of leaked secrets was found in 2024.
- A comprehensive, automated approach to the secrets lifecycle is necessary for effective management.
Source: https://thehackernews.com/2025/04/explosive-growth-of-non-human.html