29 Million Secrets Exposed in 2025: The AI Agent Credential Crisis

In 2025, the number of hardcoded secrets exposed in public repositories surged 47% year-over-year to 28.7 million, driven by the widespread adoption of AI coding agents.

CSBadmin

GitGuardian’s latest report reveals a staggering statistic: nearly 29 million hardcoded secrets were leaked across public repositories in 2025. That marks a 47% increase from the previous year. As organizations rapidly adopt AI agents for code generation and automation, the volume of exposed credentials has spiraled out of control. GitGuardian scanned over 2.5 billion commits and detected 28.7 million unique secrets, including API keys, database passwords, and authentication tokens. The report highlights a troubling trend: AI assistants are not just writing code but are also inadvertently helping developers mishandle credentials.

The Rising Crisis

AI agents rely on authentication tokens to connect with services, databases, and version control platforms. However, poor governance and a lack of visibility are causing these credentials to leak at unprecedented rates. GitGuardian found that 72% of organizations had at least one exposed secret in their repositories. A single hardcoded API key from OpenAI (CVE-2025-42701) was detected over 14,000 times. The problem is compounded by the speed of AI-driven development. Developers are generating more code than ever, but security reviews are struggling to keep pace.

AI Agents as Culprits

The core issue is that AI agents are being treated as trusted internal users without proper security boundaries. Many companies give these agents broad access but fail to rotate credentials or apply least-privilege principles. The report also points to a rise in secret leaks tied to machine identities. Unlike human users who can reset forgotten passwords, machine identities often persist indefinitely, creating a massive attack surface. GitGuardian’s data shows that the average time for a secret to be exposed and detected is just 35 days.

Scope of the Exposure

To address this crisis, GitGuardian recommends adopting automated secret detection tools, enforcing credential rotation policies, and requiring strict access controls for AI agents. Organizations should also integrate secret scanning directly into their CI/CD pipelines and GitHub workflows. The report emphasizes that the era of trusting AI agents by default is over. Companies must treat every credential as a potential liability. As more teams deploy AI co-pilots and autonomous agents, the risk of credential leakage will only grow unless security practices evolve just as quickly.
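As an added illustration of secret scanning inside a CI/CD pipeline (not code from GitGuardian's report or tooling), the sketch below checks only the lines a change adds, so a pull request is blocked before a credential reaches the repository history. The two provider rules, the entropy threshold of 3.5 bits per character and the sample diff are assumptions made for this example.

```python
import math
import re

# Assumed rules for illustration; production scanners ship far more provider-specific detectors.
RULES = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "credential_in_url": re.compile(r"\b[a-z][a-z0-9+]*://[^\s:/@]+:[^\s@/]{4,}@"),
}
# Generic rule: a secret-looking name assigned a quoted literal; gated by entropy below.
ASSIGN = re.compile(r"(?i)\b\w*(?:secret|token|passw(?:or)?d|api_?key)\w*\s*[:=]\s*['\"]([^'\"]{12,})['\"]")
HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)")

def entropy(s):  # Shannon entropy in bits per character
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))

def scan_diff(diff_text, min_entropy=3.5):
    """Return (path, new_line_no, rule) for each added line that looks like a secret."""
    findings, path, lineno = [], None, 0
    for line in diff_text.splitlines():
        if line.startswith("+++ "):
            path = line[4:].removeprefix("b/")
        elif (m := HUNK.match(line)):
            lineno = int(m.group(1))  # first line number of the hunk in the new file
        elif line.startswith("+"):
            added = line[1:]
            hits = [name for name, rx in RULES.items() if rx.search(added)]
            m = ASSIGN.search(added)
            if m and entropy(m.group(1)) >= min_entropy:
                hits.append("high_entropy_assignment")
            findings += [(path, lineno, h) for h in hits]  # the matched value is never stored
            lineno += 1
        elif line.startswith(" "):
            lineno += 1  # unchanged context line still advances the new-file counter
    return findings

# Constructed sample diff; every credential in it is fake.
SAMPLE_DIFF = """\
--- a/agent/config.py
+++ b/agent/config.py
@@ -1,1 +1,5 @@
 import os
+API_KEY = "q8Zr2LmX7vTn4KpW9sYd3HfB6cJg"
+DB_URL = "postgres://agent:hunter2pass@db.internal/app"
+password = "changeme-changeme"
+token = os.environ["AGENT_TOKEN"]
"""

if __name__ == "__main__":
    print(scan_diff(SAMPLE_DIFF))  # a CI job would exit non-zero when this list is non-empty
```

The low-entropy `password` literal and the environment-variable lookup are deliberately not flagged, which shows the trade-off of the entropy gate: fewer false positives, at the cost of missing weak hardcoded passwords.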

