
GitGuardian Reports an 81% Surge of AI-Service Leaks as 29M Secrets Hit Public GitHub
Why It Matters
The rapid expansion of AI‑driven development amplifies credential exposure, forcing organizations to treat non‑human identities as critical assets and to overhaul governance and remediation processes.
Key Takeaways
- AI‑service credential leaks up 81% YoY, to 1.27M incidents.
- AI‑assisted commits leak secrets at a 3.2% rate, double the baseline.
- Internal repos are six times more likely to contain hard‑coded credentials than public repos.
- 60% of violations involve long‑lived, hard‑coded credentials.
- 64% of secrets leaked in 2022 were still active in 2026.
Pulse Analysis
The 2025‑2026 AI boom has fundamentally altered how software is built, but it has also accelerated the sprawl of secrets across codebases. As developers increasingly rely on large‑language‑model assistants, the volume of commits has surged 43% year‑over‑year, outpacing the growth of the developer workforce. This imbalance creates a fertile environment for credential leakage, especially when AI tools embed tokens or keys without adequate safeguards. Understanding this shift is essential for security leaders who must adapt threat models to include AI‑generated code artifacts.
Beyond the general rise in code‑level exposures, AI‑service credentials have emerged as a high‑impact vector, jumping 81% year‑over‑year to roughly 1.27 million incidents. These keys often slip past traditional detection controls built for human‑authored code and surface in configuration files, CI pipelines, and even developer laptops. The report also finds internal repositories six times more likely to contain hard‑coded credentials than public ones, and roughly 28% of leaks now originate in collaboration tools rather than version control, widening the attack surface. Treating non‑human identities, including service accounts, bots, and AI agents, as first‑class assets is no longer optional.
Remediation remains a critical bottleneck: 64% of secrets disclosed in 2022 are still active, and long‑lived credentials account for 60% of violations. Organizations need automated governance frameworks that continuously inventory, rotate, and revoke secrets across code and non‑code environments. Solutions like GitGuardian’s NHI platform combine real‑time detection with lifecycle management, enabling security teams to prioritize high‑risk exposures and enforce least‑privilege principles at scale. Investing in such capabilities will help close the growing security debt and protect the expanding AI‑driven software supply chain.
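The cheapest place to stop a hard‑coded credential is before it reaches a repository at all. The following is an added example, not GitGuardian's scanner and not the report's detection methodology: a minimal pre‑commit check that reads a git diff, inspects only the added lines, and flags credential‑looking literals while deliberately ignoring environment‑variable references and placeholders, so the hook does not block the fix it is meant to encourage. The rule set (an AWS access key ID pattern, a GitHub PAT pattern, and a generic `name = "literal"` rule gated by a Shannon‑entropy threshold), the 3.5‑bit threshold, and the sample diff are all assumptions constructed for this example; the AWS value is the placeholder key from AWS's own documentation.

```python
"""Minimal pre-commit scan for hard-coded credentials in a git diff.

Added example for illustration; not GitGuardian's scanner and not the
report's detection methodology. Rules, thresholds and the sample diff are
assumptions constructed for this example.
"""
import math
import re
import sys
from dataclasses import dataclass

# Assumed rule set: two literal key formats plus a generic "name = 'literal'"
# rule. Production scanners carry hundreds of such detectors.
PATTERNS = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github-pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "generic-assignment": re.compile(
        r"(?i)(api[_-]?key|secret|token|password)\s*[:=]\s*['\"]([^'\"]{8,})['\"]"
    ),
}

# Values that are references or placeholders, not live secrets: env-var
# expansions like ${DB_PASSWORD}, <angle-bracket> stubs, REPLACE_ME markers.
PLACEHOLDER = re.compile(r"^\$\{?[A-Za-z_]+\}?$|^<[^>]*>$|REPLACE_ME|CHANGEME")


@dataclass
class Finding:
    rule: str
    line_no: int   # line number in the new version of the file
    line: str


def shannon_entropy(value: str) -> float:
    """Bits per character; random 32-char tokens score ~5, English words ~3."""
    if not value:
        return 0.0
    n = len(value)
    return -sum(c / n * math.log2(c / n)
                for c in (value.count(ch) for ch in set(value)))


def scan_diff(diff_text: str, entropy_threshold: float = 3.5) -> list[Finding]:
    """Return findings for credential-looking literals on added (+) lines only."""
    findings: list[Finding] = []
    line_no = 0
    for raw in diff_text.splitlines():
        if raw.startswith("@@"):                     # hunk header: reset new-file counter
            m = re.search(r"\+(\d+)", raw)
            line_no = int(m.group(1)) - 1 if m else 0
            continue
        if raw.startswith(("+++", "---", "diff ", "index ")):
            continue                                 # file headers
        if raw.startswith("-"):
            continue                                 # removed lines introduce nothing
        line_no += 1                                 # context and added lines advance the new file
        if not raw.startswith("+"):
            continue
        content = raw[1:]
        for rule, pattern in PATTERNS.items():
            m = pattern.search(content)
            if not m:
                continue
            if rule == "generic-assignment":
                value = m.group(2)
                # Skip env-var references/placeholders and low-entropy strings
                # so the hook does not block the remediation we want.
                if PLACEHOLDER.search(value) or shannon_entropy(value) < entropy_threshold:
                    continue
            findings.append(Finding(rule, line_no, content.strip()))
            break                                    # one finding per line is enough
    return findings


# Constructed sample diff. The AWS value is the placeholder key from AWS's own
# documentation; the api_token value is a made-up random-looking string.
SAMPLE_DIFF = """\
diff --git a/config.py b/config.py
--- a/config.py
+++ b/config.py
@@ -1,3 +1,6 @@
 import os
-AWS_KEY = os.environ["AWS_ACCESS_KEY_ID"]
+AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
+OPENAI_API_KEY = os.environ.get("OPENAI_API_KEY")
+DB_PASSWORD = "${DB_PASSWORD}"
+api_token = "q7Vx2mP9sLw4Nz8RtY3kHb6JfC1gD5eA"
 DEBUG = False
"""

if __name__ == "__main__":
    # As a pre-commit hook you would feed `git diff --cached` on stdin instead.
    hits = scan_diff(SAMPLE_DIFF)
    for f in hits:
        print(f"{f.rule}: line {f.line_no}: {f.line}")
    sys.exit(1 if hits else 0)   # non-zero exit blocks the commit
```

Run against the sample diff, the scan reports the AWS key on line 2 and the high‑entropy `api_token` literal on line 5, and stays silent on the `os.environ.get(...)` lookup and the `${DB_PASSWORD}` reference, which are exactly the patterns a remediation should leave behind. Wired into a pre‑commit hook over `git diff --cached`, the non‑zero exit blocks the commit; the entropy threshold is the knob to tune against false positives in your own codebase, and a hook like this complements rather than replaces scanning of already‑committed history and of the collaboration tools the report calls out.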