GitGuardian's 2026 report reveals secrets sprawl accelerating 34% year-over-year, with AI services driving 81% more leaks and internal repositories 6x more likely to expose critical credentials than public GitHub.
The State of Secrets Sprawl 2026: 9 Takeaways for CISOs

The numbers are staggering: 29 million new hardcoded secrets discovered in public GitHub repositories in 2025 alone, representing a 34% year-over-year increase and the largest single-year jump ever recorded. GitGuardian's State of Secrets Sprawl 2026 report, analyzing billions of commits, reveals that secrets sprawl isn't just continuing—it's accelerating faster than security teams anticipated.
Here are nine strategic takeaways that demand immediate attention from security leaders.
1. Secrets are growing faster than the developer population
Since 2021, leaked secrets have grown 152%, while GitHub's public developer base expanded 98%. This divergence tells a clear story: more developers and more AI-assisted code generation mean more credentials in circulation, and detection alone can't keep pace.
2. AI services drove 81% more leaks year over year
GitGuardian detected 1,275,105 leaked secrets tied to AI services in 2025, up 81% from 2024. Eight of the ten fastest-growing categories of leaked secrets were AI-related. This isn't just about OpenAI or Anthropic keys.
The real explosion is happening in LLM infrastructure: retrieval APIs like Brave Search (+1,255%), orchestration tools like Firecrawl (+796%), and managed backends like Supabase (+992%). Every new AI integration introduces another machine identity, and each one expands the attack surface.
Deploying AI safely requires a proper secrets security strategy.
3. Internal repositories are 6x more likely to leak than public ones
While public GitHub gets the attention, internal repositories are where the highest-value credentials live. GitGuardian's research found that 32.2% of internal repos contain at least one hardcoded secret, compared to just 5.6% of public repos.
These aren't test keys. They're CI/CD tokens, cloud access credentials, and database passwords—the exact assets attackers target once they gain a foothold.
Security through obscurity has failed. Treat internal repos as first-class leak sources.
4. 28% of leaks happen entirely outside code
Secrets don't only live in repositories. GitGuardian found that 28% of incidents in 2025 originated entirely outside source code, in Slack, Jira, Confluence, and similar collaboration tools.
These leaks are more dangerous: 56.7% of secrets found only in collaboration tools were rated critical, compared to 43.7% for code-only incidents. Teams share credentials during incident response, troubleshooting, and onboarding.
If you're only scanning code, you're missing more than a quarter of your exposure. And the credentials leaking in collaboration tools are usually more critical and severe.
5. Self-hosted GitLab and Docker registries expose secrets at 3-4x the rate of public GitHub
GitGuardian discovered thousands of unintentionally exposed self-hosted GitLab instances and Docker registries in 2025. Scanning these systems revealed 80,000 credentials, with 10,000 still valid.
Secrets in Docker images were particularly troubling: 18% of scanned Docker images contained secrets, and 15% of those were valid, compared to 12% of GitLab repositories with a 12% validity rate. Docker secrets are also more production-adjacent.
The perimeter between private and public is porous.
6. 64% of secrets leaked in 2022 remain valid today
Detection is not remediation. GitGuardian retested secrets confirmed as valid in 2022 and found that 64% are still exploitable four years later.
This is not a rounding error. It's proof that rotation and revocation are not routine, owned, or automated in most organizations. Credentials embedded across build systems, CI variables, container images, and vendor integrations are hard to replace without breaking production.
For many teams, the safest short-term choice is to do nothing, leaving attackers with durable access paths.
7. Developer endpoints are the new credential aggregation layer
The Shai-Hulud 2 supply chain attack gave researchers rare visibility into what secrets actually look like on compromised developer machines. Across 6,943 systems, GitGuardian identified 294,842 secret occurrences corresponding to 33,185 unique secrets.
On average, each live secret appeared in eight different locations on the same machine, spread across .env files, shell history, IDE configs, cached tokens, and build artifacts. More striking: 59% of compromised machines were CI/CD runners, not personal laptops.
Once secrets start sprawling into build infrastructure, they become an organizational exposure problem, not just an individual hygiene issue.
More recently, the LiteLLM supply chain attack demonstrated the same pattern, with compromised packages harvesting SSH keys, cloud credentials, and API tokens from developer machines where AI development tools are increasingly concentrated.
8. MCP servers exposed 24,000+ secrets in their first year
Model Context Protocol (MCP) made AI systems more useful by connecting them to tools and data sources. It also introduced a new class of credential exposure.
In 2025, GitGuardian found 24,008 unique secrets in MCP-related config files on public GitHub, with 2,117 verified as valid. As agentic AI adoption accelerates, MCP and similar frameworks will normalize putting credentials into config files, startup flags, and local JSON.
The agent ecosystem is expanding faster than security controls can adapt.
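As an added example (not from the report or from GitGuardian's tooling), the following Python walks constructed stand-ins for the artefacts takeaways 7 and 8 describe (an .env file, shell history, and an MCP config carrying a credential both in an env block and in a startup flag), groups every occurrence by a hash of the secret value so the raw credential is never echoed, and reports how many places each unique secret appears in. The file names, the mcpServers/env layout, the flag names, and the key values are assumptions made for the example.

```python
import hashlib
import json
import re
from collections import defaultdict

# Constructed sample key; the "sk-" shape mimics a typical API key, value is fake.
FAKE_KEY = "sk-EXAMPLE0000000000000000000000000000000000"
# Constructed artefacts standing in for files on a developer machine or CI runner.
SAMPLE_FILES = {
    ".env": f"OPENAI_API_KEY={FAKE_KEY}\nDB_PASSWORD=hunter2-constructed\n",
    ".bash_history": f"export OPENAI_API_KEY={FAKE_KEY}\nls\n",
    "mcp.json": json.dumps({"mcpServers": {"search": {
        "command": "npx",
        "args": ["-y", "search-server", "--api-key", FAKE_KEY],
        "env": {"OPENAI_API_KEY": FAKE_KEY}}}}),
}
# NAME=value assignments whose name looks credential-like (.env files, shell history).
ASSIGN_RE = re.compile(
    r'(?:export\s+)?([A-Z0-9_]*(?:KEY|TOKEN|SECRET|PASSWORD)[A-Z0-9_]*)=["\']?([^\s"\']+)')
SECRETISH_RE = re.compile(r"KEY|TOKEN|SECRET|PASSWORD", re.I)
FLAG_NAMES = {"--api-key", "--token", "--password"}  # assumed credential flags

def fingerprint(value: str) -> str:
    """Stable identifier for a secret value; the raw value is never reported."""
    return hashlib.sha256(value.encode()).hexdigest()[:12]

def scan_text(path, text, found):
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, value in ASSIGN_RE.findall(line):
            found[fingerprint(value)].append(f"{path}:{lineno} ({name})")

def scan_mcp_config(path, text, found):
    """Credentials in MCP configs sit in per-server env blocks and startup flags."""
    for server, spec in json.loads(text).get("mcpServers", {}).items():
        for name, value in spec.get("env", {}).items():
            if SECRETISH_RE.search(name):
                found[fingerprint(value)].append(f"{path}:{server}.env.{name}")
        args = spec.get("args", [])
        for i, arg in enumerate(args[:-1]):
            if arg in FLAG_NAMES:
                found[fingerprint(args[i + 1])].append(f"{path}:{server}.args[{i + 1}]")

def sprawl_report(files):
    """One entry per unique secret, most widely spread first, with each location."""
    found = defaultdict(list)
    for path, text in files.items():
        (scan_mcp_config if path.endswith(".json") else scan_text)(path, text, found)
    return sorted(({"fingerprint": fp, "occurrences": len(locs), "locations": locs}
                   for fp, locs in found.items()), key=lambda e: -e["occurrences"])

if __name__ == "__main__":
    for entry in sprawl_report(SAMPLE_FILES):
        print(entry["fingerprint"], entry["occurrences"], entry["locations"])
```

The same key surfaces four times across three files, which is the per-secret duplication that makes rotation hard: every location has to be updated for the revocation to stick.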
9. Shift from secrets detection to non-human identity governance
The industry's limiting factor is answering three questions at scale:
- What non-human identities exist in my environment?
- Who owns them?
- What can they access?
Organizations embracing agentic AI need to move beyond detection and build continuous NHI governance. That means eliminating long-lived static credentials wherever possible, adopting short-lived identity-driven access, implementing secrets vaulting as the default developer workflow, and treating every service account, CI job, and AI agent as a governed identity with lifecycle management.
The Bottom Line
Secrets sprawl is not slowing down. It's accelerating alongside AI adoption, developer productivity tools, and distributed software delivery. The old model of scanning public repos and hoping for compliance is no longer sufficient.
Security teams need visibility across internal systems, collaboration tools, container registries, and developer endpoints. They need remediation workflows that can rotate credentials without breaking production. And most importantly, they need to stop treating secrets as isolated incidents and start managing them as part of a broader non-human identity governance program.
The attack surface has changed. The question is whether security programs will change with it.
About the Research
GitGuardian's yearly State of Secrets Sprawl report was published for the fifth time, analyzing billions of public commits on GitHub, monitoring internal incidents across customer environments, and conducting original research on self-hosted infrastructure exposure and supply chain compromises.
