Explosive Growth of Non-Human Identities Is Creating Massive Security Blind Spots

The Hacker News, Secrets Management / DevOps, April 9, 2025

GitGuardian's State of Secrets Sprawl report for 2025 reveals the alarming scope of secrets exposed in modern software environments. A major contributor is the rapid expansion of non-human identities (NHIs), which have outnumbered human users for years. As these machine identities continue to proliferate, they create an unprecedented level of security risk, and organizations must build security controls and governance around them.

The report finds that an astounding 23.77 million new secrets were leaked on GitHub in 2024 alone, a 25 % increase over the previous year. This dramatic rise shows how the proliferation of non-human identities (NHIs) such as service accounts, microservices, and AI agents is rapidly expanding the opportunities available to threat actors.

The Non-Human Identity Crisis

In DevOps environments, NHIs, including API keys, service accounts, and Kubernetes workloads, now outnumber human identities by at least 45 to 1. Modern systems depend on these machine credentials, but managing them poorly creates major security risks.

Most concerning is the persistence of exposed credentials. GitGuardian's study found that 70 % of the secrets discovered in public repositories in 2022 are still active today, pointing to a systemic failure in credential rotation and management.

Private Repositories: A False Sense of Security

Organizations may believe their code is safe in private repositories, but the data tells a different story. Public repositories are 8 times more likely than private ones to contain secrets. This suggests that many organizations rely on "security through obscurity" rather than putting effective secrets management in place.

The report also found significant differences in the types of secrets leaked in public versus private repositories:

  • Generic secrets account for 74.4 % of all leaks in private repositories, compared to 58 % in public ones.
  • Generic passwords make up 24 % of all generic secrets in private repositories, compared to only 9 % in public repositories.
  • Enterprise credentials such as AWS IAM keys appear in 8 % of private repositories, compared to only 1.5 % of public ones.

This pattern suggests that developers are more careful with public code while frequently cutting corners in places they believe are safe.

AI Tools Are Compounding the Problem

While GitHub Copilot and other AI coding assistants may boost productivity, they also raise security risk. Researchers found that repositories with Copilot enabled had a 40 % higher rate of secret leaks than repositories without AI assistance.

This alarming figure suggests that AI-assisted development may be pushing developers to prioritize speed over security and to embed credentials in ways that conventional development practices would avoid.

Docker Hub: 100,000+ Valid Secrets Exposed

An unprecedented analysis of 15 million public Docker images from Docker Hub uncovered more than 100,000 valid secrets, including AWS keys, GCP keys, and GitHub tokens belonging to Fortune 500 companies.

According to the research, 97 % of these valid secrets were found in image layers, most of them in layers smaller than 15MB. ENV instructions alone accounted for 65 % of all leaks, highlighting a significant lack of care in container security.
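The ENV leak path described above is easy to catch before an image is built. The following is an added example, not code from the GitGuardian report or from The Hacker News: it parses a Dockerfile, flags ENV and ARG values that look like credentials, and contrasts the leaky pattern with a hardened form that uses a BuildKit secret mount. The token regexes, the two sample Dockerfiles, and every value in them are constructed for illustration.

```python
"""Added example, not code from the GitGuardian report or The Hacker News article.
It flags credentials passed through Dockerfile ENV/ARG instructions (the leak path the
report highlights) and shows a hardened form using a BuildKit secret mount.
The token patterns, the sample Dockerfiles and every value in them are constructed."""
import re

# Well-known token prefixes (constructed regexes, not exhaustive); the name-based rule
# below catches generic KEY=VALUE pairs whose name suggests a credential.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "gcp_api_key": re.compile(r"\bAIza[0-9A-Za-z_-]{35}\b"),
}
CREDENTIAL_NAME = re.compile(r"(?i)(secret|token|passw(or)?d|api_?key|private_?key)")


def parse_instructions(dockerfile: str):
    """Join backslash-continued lines; return (first_line, INSTRUCTION, arguments)."""
    instructions, buf, start = [], "", 0
    for lineno, raw in enumerate(dockerfile.splitlines(), 1):
        line = raw.strip()
        if not buf:
            if not line or line.startswith("#"):
                continue
            start = lineno
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        instr, _, args = buf.partition(" ")
        instructions.append((start, instr.upper(), args.strip()))
        buf = ""
    return instructions


def env_pairs(args: str):
    """Handle both 'ENV K=V K2=V2' and the legacy 'ENV K V' form; ARG uses the first."""
    pairs = re.findall(r'([A-Za-z_][A-Za-z0-9_]*)=("[^"]*"|\'[^\']*\'|\S*)', args)
    if pairs:
        return [(k, v.strip("\"'")) for k, v in pairs]
    key, _, value = args.partition(" ")
    return [(key, value.strip().strip("\"'"))] if key else []


def audit_dockerfile(dockerfile: str):
    """Return one finding per ENV/ARG value that looks like a credential.

    ENV values are written into the final image config, so they ship with the image;
    ARG values do not land in the config but are recorded in the build history."""
    findings = []
    for lineno, instr, args in parse_instructions(dockerfile):
        if instr not in ("ENV", "ARG"):
            continue
        for key, value in env_pairs(args):
            kind = next((n for n, p in SECRET_PATTERNS.items() if p.search(value)), None)
            # A credential-looking name with a literal (not $-referenced) value is a leak too.
            if kind is None and value and not value.startswith("$") and CREDENTIAL_NAME.search(key):
                kind = "credential-named variable"
            if kind:
                findings.append({"line": lineno, "instruction": instr, "key": key,
                                 "kind": kind, "persists_in_image": instr == "ENV"})
    return findings


# Constructed sample: the leaky pattern the report describes (all values are fake).
LEAKY_DOCKERFILE = "\n".join([
    "FROM python:3.12-slim",
    "ARG GITHUB_TOKEN=ghp_EXAMPLE" + "0" * 29,
    "ENV AWS_ACCESS_KEY_ID=AKIAEXAMPLE000000001 \\",
    '    AWS_SECRET_ACCESS_KEY="example/secret+value"',
    "ENV APP_ENV=production",
    "RUN pip install -r requirements.txt",
])

# Hardened form: the secret is mounted for one RUN step only and never hits a layer.
# Build with: docker build --secret id=github_token,src=./token.txt .
HARDENED_DOCKERFILE = "\n".join([
    "FROM python:3.12-slim",
    "ENV APP_ENV=production",
    "RUN --mount=type=secret,id=github_token \\",
    '    GITHUB_TOKEN="$(cat /run/secrets/github_token)" pip install -r requirements.txt',
])

if __name__ == "__main__":
    for finding in audit_dockerfile(LEAKY_DOCKERFILE):
        print(finding)
    print("hardened findings:", audit_dockerfile(HARDENED_DOCKERFILE))
```

Run against the leaky sample, the audit reports the ARG-supplied GitHub token and both AWS values on the ENV line; the hardened sample produces no findings because the token is read from the secret mount during the single RUN step and is never written into an ENV value or a layer.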

Beyond Source Code: Secrets in Collaboration Tools

Code repositories are not the only place where secrets leak. According to the report, credential exposure has increased significantly on collaboration platforms such as Slack, Jira, and Confluence.

Alarmingly, secrets found on these platforms are more critical than those stored in source code repositories: 38 % of incidents are rated highly critical or urgent, compared to 31 % in source code management systems. This reflects these platforms' lack of the security controls built into modern source code management tools.

Compounding the problem, only 7 % of the secrets found in collaboration tools also appear in the code base, which makes this corner of secrets sprawl a blind spot for most secret-scanning tools. The issue is aggravated by the fact that users across every department use these systems, so anyone with access could potentially see exposed credentials.

The Permissions Problem

GitGuardian found that leaked credentials typically carry excessive permissions, further compounding the risk:

  • 99 % of GitLab API keys had either full access (58 %) or read-only access (41 %).
  • 96 % of GitHub tokens allowed write access, and 95 % granted full repository access.

These broad permissions substantially increase the potential impact of leaked credentials, making it easier for attackers to move laterally and escalate privileges.
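The over-permissioning described in the bullets above can be measured for each token an organization holds. The following is an added example, not code from the GitGuardian report or from The Hacker News: it compares the scopes a platform reports for a token with the scopes a job actually needs and classifies the token as least-privilege, over-privileged, or insufficient. GitHub's `X-OAuth-Scopes` response header for classic tokens and GitLab's `scopes` list in token information are real, but the tables of which scope implies which are simplified assumptions, the "write" classification is this example's own, and all sample inputs are constructed.

```python
"""Added example, not code from the GitGuardian report or The Hacker News article.
It audits the scopes a platform reports for a token against the scopes a job really
needs, to surface the over-permissioned tokens the report describes.
Assumptions: GitHub returns classic-token scopes in the X-OAuth-Scopes response header
(absent for fine-grained tokens); GitLab token information carries a "scopes" list. The
implied-scope tables are simplified, and all sample inputs are constructed."""
import json

# A broad scope grants everything it implies (simplified, constructed tables).
GITHUB_IMPLIES = {
    "repo": {"repo:status", "repo_deployment", "public_repo", "repo:invite", "security_events"},
    "admin:org": {"write:org"},
    "write:org": {"read:org"},
    "write:packages": {"read:packages"},
}
GITLAB_IMPLIES = {
    "api": {"read_api", "read_user", "read_repository", "write_repository",
            "read_registry", "write_registry"},
    "write_repository": {"read_repository"},
    "write_registry": {"read_registry"},
}
# Scopes that let the holder change something, i.e. the "write access" the report counts.
GITHUB_WRITE = {"repo", "public_repo", "workflow", "delete_repo", "admin:org",
                "write:org", "write:packages", "gist"}
GITLAB_WRITE = {"api", "write_repository", "write_registry", "sudo"}


def expand(scopes, implies):
    """Transitive closure of the implied-scope relation."""
    effective, todo = set(), list(scopes)
    while todo:
        scope = todo.pop()
        if scope in effective:
            continue
        effective.add(scope)
        todo.extend(implies.get(scope, ()))
    return effective


def audit(granted, needed, implies, write_scopes):
    """Compare what the token can do with what the job must do."""
    effective = expand(granted, implies)
    missing = set(needed) - effective
    excess = effective - expand(needed, implies)
    if missing:
        verdict = "insufficient"
    elif excess:
        verdict = "over-privileged"
    else:
        verdict = "least-privilege"
    return {"verdict": verdict, "can_write": bool(effective & write_scopes),
            "effective": sorted(effective), "excess": sorted(excess),
            "missing": sorted(missing)}


def github_scopes_from_headers(headers):
    """Parse 'repo, read:org' from X-OAuth-Scopes (case-insensitive header lookup)."""
    for name, value in headers.items():
        if name.lower() == "x-oauth-scopes":
            return {s.strip() for s in value.split(",") if s.strip()}
    return set()  # fine-grained tokens do not send the header


def audit_github(headers, needed):
    return audit(github_scopes_from_headers(headers), needed, GITHUB_IMPLIES, GITHUB_WRITE)


def audit_gitlab(token_info, needed):
    return audit(set(token_info.get("scopes", [])), needed, GITLAB_IMPLIES, GITLAB_WRITE)


# Constructed samples: response headers from a GitHub API call made with a classic
# token, and a GitLab token-information document with a "scopes" list.
GITHUB_HEADERS = {"X-OAuth-Scopes": "repo, workflow, admin:org",
                  "X-Accepted-OAuth-Scopes": "repo"}
GITLAB_TOKEN_INFO = {"name": "ci-reader", "scopes": ["read_repository"]}

if __name__ == "__main__":
    # A status-reporting CI job needs only repo:status; a checkout job only read_repository.
    print(json.dumps(audit_github(GITHUB_HEADERS, {"repo:status"}), indent=2))
    print(json.dumps(audit_gitlab(GITLAB_TOKEN_INFO, {"read_repository"}), indent=2))
```

The GitHub sample token is the kind the report counts as "write access": it carries `repo`, `workflow` and `admin:org` when the job needs only `repo:status`, so the audit lists everything else as excess. The GitLab sample is scoped to `read_repository` and comes back as least-privilege. Running this over every token in a CI system gives a concrete list of credentials to re-issue with narrower scopes before they are leaked rather than after.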

Breaking the Cycle of Secrets Sprawl

The report emphasizes that although organizations are increasingly adopting secrets management tools, these tools alone are insufficient. In 2024, GitGuardian found that even repositories using secrets managers had a 5.1 % increase in leaked secrets.

Solving the problem requires a comprehensive approach that covers the whole secrets lifecycle, pairing automated detection with rapid remediation procedures and integrating security throughout the development process.

The report, in our opinion, is a stark warning: as non-human identities expand, so do the associated secrets and security risks. In a world of automated pipelines, AI-generated code, and rapid software delivery, reactive and fragmented approaches to secrets management are no longer enough.
