
AI Agents Don't Understand Secrets. That's Your Problem.
23.8 million new secrets were leaked on public GitHub in 2024. A 25% increase year-over-year. And 70% of them are still active two years later.

Now add AI coding assistants to the mix. GitGuardian found that repositories where GitHub Copilot is active have a 40% higher secret leak rate than the baseline: 6.4% vs 4.6%. In a controlled test, Copilot generated 3.0 valid secrets per prompt on average across 8,127 code suggestions.

AI agents write code fast. They also hardcode credentials fast. And they do it without understanding what a secret is, why it matters, or what happens when it ships.

This post walks through the problem, the real-world data, and the practical defenses you can apply today.

The numbers

These are not projections. They come from published research:

| Stat | Source |
| --- | --- |
| 23.8M secrets leaked on public GitHub in 2024 | GitGuardian State of Secrets Sprawl 2025 |
| 25% year-over-year increase | GitGuardian 2025 |
| 70% of leaked secrets still active 2 years later | GitGuardian 2025 |

6.4% of Copil

