Over 29 million secrets were leaked on GitHub in 2025, and AI really isn't helping (www.techradar.com)

🤖 AI Summary
In 2025, GitGuardian's report revealed a staggering 29 million secrets exposed on GitHub, marking a 34% year-on-year increase and the largest single-year jump ever recorded. This surge is attributed to the rapid adoption of AI-driven coding applications, which have doubled the baseline leak rates. Notably, commits utilizing AI tools like Claude Code leaked secrets at an alarming rate of 3.2%, with leaks from AI service credentials spiking by 81% year-on-year. The report emphasizes that as public GitHub commits increased by 43%, so did the number of security vulnerabilities and secret exposures in these contributions.

The implications for the AI/ML community are profound, as the integration of AI in software development is leading to greater cybersecurity risks. With inexperienced developers utilizing AI tools, gaping security holes are becoming commonplace. GitGuardian highlighted the Model Context Protocol (MCP) configuration risks, where best practices often lead to hardcoding credentials in exposed locations. As AI agents demand local access, they transform developer machines into significant attack vectors. The report calls for enhanced security measures, such as local scanning tools, to protect against these vulnerabilities and mitigate risks associated with overprivileged access and production key exposure.