Review: GitGuardian's State of Secrets Sprawl 2026 Turned into Secret-Handling Guardrails for Drupal and WordPress Teams Usin...

GitGuardian's State of Secrets Sprawl 2026 is not really a report about "developers making mistakes." It is a report about credential volume outrunning governance. For Drupal agencies, WordPress product teams, and mixed CMS platform groups now using AI coding tools, that distinction matters. My read is simple: if your Drupal or WordPress workflow still treats secrets as repo-level variables plus a scanner in CI, you are behind the threat model described in the report. The Signals That Matter Most GitGuardian's report page, published on March 17, 2026, highlights several numbers that should change how CMS teams operate: 28,649,024 new secrets were detected in public GitHub commits in 2025, up 34% year over year. AI-assisted commits leaked secrets at roughly 2x the baseline across public GitHub commits. GitGuardian found 24,008 unique secrets in MCP configuration files. Internal repositories were 6x more likely than public repositories to contain hardcoded secrets. About 28% of secrets s