New updates have been reported about GitGuardian.
GitGuardian has placed itself at the center of the emerging security risks from AI-assisted software development with its fifth “State of Secrets Sprawl” report, highlighting how mainstream AI tools in 2025 drove a 34% year-on-year jump in exposed credentials on GitHub to roughly 29 million detected secrets. The company reports that commits assisted by Claude Code leaked secrets at around 3.2%, roughly double the 1.5% baseline, underscoring that AI is dramatically accelerating both code creation and the proliferation of non-human identities (NHIs) and their associated keys, tokens, and service accounts.
For GitGuardian, the data both validates and sharpens its product thesis: security programs must move beyond simple secret detection toward full NHI governance across code and non-code assets. The report shows AI service credential leaks grew 81% year-on-year to more than 1.27 million exposed secrets, internal repositories remain about six times more likely than public ones to contain hardcoded credentials, and nearly 28% of incidents now originate in collaboration and productivity tools rather than source repos, expanding the company’s target surface. GitGuardian CEO Eric Fourrier warns that AI agents accessing local editors, terminals, and credential stores turn developer machines into a “massive attack surface,” a risk the company is addressing with local scanning and identity inventory capabilities that map which machines hold which secrets and where over-privileged access exists.
The study further reveals structural remediation and governance gaps that GitGuardian is positioning to solve for enterprises: roughly 60% of violations involve long-lived secrets, 46% of critical secrets lack vendor validation mechanisms and thus require richer contextual analysis, and 64% of valid secrets discovered in 2022 remained unrevoked by 2026. This combination of AI-driven volume, expanding NHI attack surface, and persistent remediation debt supports demand for GitGuardian’s end-to-end NHI Security platform, which integrates secrets detection, lifecycle management, and governance across distributed development environments. With its GitHub application already the most installed globally and support for more than 550 secret types, GitGuardian is strategically aligning its roadmap and market messaging around NHI as a first-class security asset, positioning the company to capture growing budgets from organizations seeking scalable, automated controls for non-human identities in AI-accelerated software delivery.

