Gitleaks Creator Returns with Betterleaks, an Open Source Secrets Scanner for the Agentic Era

The New Stack, Mar 27, 2026

Why It Matters

Betterleaks modernizes secret detection for AI‑driven development, helping organizations prevent credential leaks before they reach production. Its open‑source, high‑speed design lowers adoption barriers while enhancing security posture in the rapidly expanding code‑generation era.

Key Takeaways

  • Betterleaks replaces Gitleaks with drop‑in compatibility
  • Uses CEL for flexible, fast validation rules
  • Token‑efficiency scanning reduces false positives
  • Pure Go build avoids external C library dependencies
  • Aikido sponsorship fuels open‑source security ecosystem

Pulse Analysis

The rise of AI‑assisted coding has amplified the risk of hard‑coded credentials slipping into repositories, a problem that traditional scanners struggle to keep pace with. Betterleaks addresses this gap by rethinking detection logic: instead of relying solely on entropy metrics, it evaluates token patterns through byte‑pair encoding, a method that better distinguishes genuine secrets from random strings. This shift not only improves accuracy but also aligns with the speed at which AI tools generate code, allowing security teams to catch leaks in near‑real time.
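The entropy versus token-efficiency contrast described above, as an added Go example that is not Betterleaks code. The tiny vocabulary, the greedy longest-match tokenizer standing in for a trained BPE tokenizer, the two sample strings and the 2.0 cutoff are all assumptions made for illustration.

```go
package main

import (
	"fmt"
	"math"
	"strings"
)

// vocab is a constructed stand-in for a trained BPE vocabulary (assumption, not Betterleaks data).
var vocab = strings.Fields("connection database password example default string config value user name test key _")

// ShannonEntropy returns bits per byte of s, the classic scanner heuristic.
func ShannonEntropy(s string) float64 {
	counts, h := map[byte]int{}, 0.0
	for i := 0; i < len(s); i++ {
		counts[s[i]]++
	}
	for _, c := range counts {
		p := float64(c) / float64(len(s))
		h -= p * math.Log2(p)
	}
	return h
}

// TokenCount takes the longest vocab match at each position; an unmatched byte costs one token.
func TokenCount(s string) int {
	s, n := strings.ToLower(s), 0
	for i := 0; i < len(s); n++ {
		step := 1
		for _, w := range vocab {
			if len(w) > step && strings.HasPrefix(s[i:], w) {
				step = len(w)
			}
		}
		i += step
	}
	return n
}

// LooksLikeSecret is true when s averages at most maxCharsPerToken characters per token.
func LooksLikeSecret(s string, maxCharsPerToken float64) bool {
	return s != "" && float64(len(s))/float64(TokenCount(s)) <= maxCharsPerToken
}

func main() { // both inputs are constructed samples, not real credentials
	for _, s := range []string{"default_database_connection_string_example", "q7Zx2LmP9vKd4RtW8sHb3NcY6jFg1TaE"} {
		fmt.Println(s, ShannonEntropy(s), TokenCount(s), LooksLikeSecret(s, 2.0))
	}
}
```

Both strings exceed 3.9 bits of entropy per character, so an entropy cutoff alone would flag the placeholder identifier; characters per token separates them (about 4.7 versus 1.0).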

A key differentiator for Betterleaks is its use of the Common Expression Language (CEL) to define validation rules. CEL offers a lightweight, sandboxed environment where security policies can be written and updated without recompiling the scanner, granting organizations the agility to adapt to emerging credential formats. Coupled with a pure Go implementation that eliminates CGO and Hyperscan dependencies, the tool runs consistently across diverse CI/CD pipelines, from on‑prem servers to cloud‑native environments, delivering faster scans and easier deployment.

Beyond technical enhancements, Betterleaks reflects a broader industry trend toward open‑source security tooling backed by commercial sponsors. Aikido’s investment signals confidence that community‑driven projects can serve as foundational components for enterprise products while remaining freely available. As AI agents become integral to software development, tools like Betterleaks that integrate seamlessly into automated workflows will be essential for maintaining a robust security posture, preventing credential exposure before it becomes a breach vector.
