Our latest State of Secrets Sprawl 2025 research reveals a troubling reality: the majority of leaked corporate secrets found in public code repositories continue to provide access to systems for years after their discovery.
Private repos leak plaintext secrets 8x more often than public ones. Learn why internal codebases are the biggest blind spot in your secrets management strategy.
AI adoption accelerates secret sprawl as organizations connect to multiple providers. Our investigation of a leaked xAI API key, which granted access to unreleased Grok models, reveals critical flaws in their disclosure process, highlighting necessary improvements in this domain.
MCP rapidly enhances AI capabilities but introduces security challenges through its distributed architecture. Especially, the distributed nature of MCP requires a lot of NHIs and their secrets. Our research shows that MCP is a new source of leaks that already discloses real-world secrets.
Secrets aren't just in code. GitGuardian’s 2025 report shows major leaks in collaboration tools like Slack, Jira, and Confluence. Here’s what security teams need to know.
Go beyond GitHub's scope. Understand the full picture of your secret leaks with GitGuardian, covering public and internal exposures.
Generic secrets are hard to detect and are getting leaked more often. See how GitGuardian offers advanced protection where GitHub's push protection falls short.
GitGuardian's 2025 report reveals 70% of leaked secrets remain active two years later. Discover the alarming state of secrets sprawl & protect your organization.
Learn how the F1 score helps you choose the right tool to strengthen your security posture.
Protect hedge fund assets from secrets-related attacks. Learn how GitGuardian provides visibility and control over secrets and mitigates the risks of hardcoded secrets.
At GitGuardian we see things that no one should ever see. We detect and collect leaked secrets that are so hideous we could lose our sanity. Let us introduce you to some of the most terrifying leaks we saw this year. If you dare.
![Precision & Recall [Security Zines]](/content/images/size/w600/2024/10/Recall-in-Detection.png)
Or how to find a key in a code haystack
GitGuardian is the code security platform for
the DevOps generation.
With automated secrets detection and
remediation, our platform enables Dev, Sec, and Ops to advance together
towards the Secure Software Development Lifecycle.
Subscribe to our newsletter to receive the latest content and updates from GitGuardian.
