{"id":8180,"date":"2026-05-18T09:00:00","date_gmt":"2026-05-18T09:00:00","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=8180"},"modified":"2026-05-18T09:00:00","modified_gmt":"2026-05-18T09:00:00","slug":"ai-coding-is-fueling-a-secrets-sprawl-crisis-few-cisos-are-containing","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=8180","title":{"rendered":"AI coding is fueling a secrets-sprawl crisis few CISOs are containing"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>When Matt Schlicht built Moltbook, the social network where AI agents talk to one another, <a href=\"https:\/\/x.com\/mattprd\/status\/2017386365756072376\">he didn\u2019t write the code himself<\/a>. He \u201cjust had a vision,\u201d and vibe-coded it. The social network launched on Jan. 28, 2026, and within days, security researchers started to see serious security flaws.<\/p>\n<p>Experts at cloud security company Wiz and, independently, researcher Jameson O\u2019Reilly, discovered that Moltbook\u2019s backend database, hosted on Supabase, had been improperly configured. As a result, it granted broad read and write access to platform data.<\/p>\n<p>\u201cThe exposure included 1.5 million API authentication tokens, 35,000 email addresses, and private messages between agents,\u201d <a href=\"https:\/\/www.wiz.io\/blog\/exposed-moltbook-database-reveals-millions-of-api-keys\">Wiz researchers noted in a blog post<\/a>.<\/p>\n<p>In traditional software development, leaking a secret typically stems from a mistake. Usually, a developer hardcodes a key, copies the wrong configuration file, or pushes internal code to a public repository. 
With AI-assisted coding, those mistakes can happen quickly and often go unnoticed, because <a href=\"https:\/\/www.csoonline.com\/article\/3529615\/companies-skip-security-hardening-in-rush-to-adopt-ai.html\">speed and functionality are prioritized over security<\/a>.<\/p>\n<p>Given the rise in popularity of vibe coding, the issue is accelerating. \u201cThe pace at which we are building and the sheer amount of code would have been unimaginable even just a few years ago,\u201d says Dwayne McDaniel, principal developer advocate at GitGuardian.<\/p>\n<p>In 2025, public code commits surged by more than 40% compared to the previous year, and secrets are rising just as fast. Security firm <a href=\"https:\/\/www.gitguardian.com\/state-of-secrets-sprawl-report-2026\">GitGuardian reported<\/a> a 34% increase in leaked secrets on GitHub last year \u2014 the largest spike on record \u2014 bringing the total to nearly 29 million exposed credentials.<\/p>\n<p>\u201c12 of the top 15 fastest-growing leaked secret types were AI services,\u201d says McDaniel. More than 1.27 million AI-related secrets were exposed in 2025, marking an 81% year-over-year increase, the fastest growth recorded in any single category.<\/p>\n<p>McDaniel groups these credentials into several broad areas: the LLM platforms themselves, the support and orchestration ecosystem, the AI control plane, Model Context Protocol (MCP) servers, and agentic coding assistants.<\/p>\n<p>\u201cI\u2019m increasingly concerned about the volume of code being pushed out by AI and the speed at which developers are reviewing it,\u201d says Christine Bejerasco, CISO of WithSecure. 
\u201cThat can lead to more vulnerable code, especially as frontier AI models are now capable of identifying vulnerabilities at scale.\u201d<\/p>\n<h2 class=\"wp-block-heading\">Secrets leaks require immediate response<\/h2>\n<p>Many organizations know deep down they have a <a href=\"https:\/\/www.csoonline.com\/article\/3633403\/how-organizations-can-secure-their-ai-code.html\">problem with AI-generated code<\/a>. However, some don\u2019t realize the severity of the situation, just how many secrets are exposed across their systems.<\/p>\n<p>When a leaked secret is detected, the issue should be treated as a security incident. \u201cWe activate our incident response process immediately,\u201d says WithSecure\u2019s Bejerasco.<\/p>\n<p>The secret is revoked or disabled, and a new one is generated. \u201cFrom there, the incident response team works with R&amp;D to investigate the impact across systems and data. That\u2019s followed by cleanup, then hardening,\u201d she says. \u201cWhile incidents are typically coordinated by the CISO office, the R&amp;D team owns the actual revocation and cleanup.\u201d<\/p>\n<p>The organization conducts post-mortems and implements any necessary updates to systems or policies based on what was learned.<\/p>\n<p>Although remediation is critical, the process is far from straightforward. According to GitGuardian, 64% of valid secrets identified in 2022 remain unrevoked in 2026, largely because many organizations lack the governance and repeatable processes needed to clean them up at scale.<\/p>\n<p>\u201cWe think this is less a visibility issue and more a combination of priority, tooling, and ownership,\u201d GitGuardian\u2019s McDaniel says.<\/p>\n<p>Detection is the easy part, says Rohan Gupta, vice president of cloud, security, and DevOps at R Systems. 
\u201cRemediation is where discipline gets tested.\u201d<\/p>\n<h2 class=\"wp-block-heading\">Addressing the broader issue<\/h2>\n<p>As AI-assisted coding expands, security leaders must rethink how they manage risk. That means looking beyond repositories and securing the full software development lifecycle (SDLC), including collaboration tools where credentials often show up.<\/p>\n<p>\u201cWe focus on both, but the risk profile is very different \u2014 what\u2019s identified in Jira or Slack is far different from what you\u2019ll find in your code repository,\u201d says David MacKinnon, chief security officer at N-able. \u201cA mature SDLC \u2014 which includes things like effective credential vaulting, separation of duties, source code scanning, separated dev, stage\/production environments, and more \u2014 helps to minimize the business risk.\u201d<\/p>\n<p>At WithSecure, Bejerasco says secrets and agent access are kept \u201cas transient as possible\u201d to reduce risk. And there\u2019s also a Lifecycle Security Policy in place that mandates code reviews. \u201cThis policy is effectively the security \u2018bible\u2019 for developers,\u201d she says. \u201cIt covers privacy impact assessments, threat modeling, security testing, and code review.\u201d<\/p>\n<p>R Systems\u2019 Gupta agrees, advising organizations to rotate credentials, revoke exposed versions, audit for unauthorized use during any exposure window, and purge from history wherever feasible. \u201cFor the long-tail legacy service accounts, third-party integrations, embedded vendor credentials rotation is still a coordinated manual exercise, and we\u2019re steadily moving more of it into automation,\u201d he says.<\/p>\n<p>A key step in fixing the issue is knowing it exists. 
\u201cIf an organization is not aware of how many secrets they\u2019re exposing in their code base, or the level of access those secrets hold, they have a tremendous amount of business risk that they\u2019re unaware of,\u201d says N-able CSO MacKinnon.<\/p>\n<p>He advises CISOs to raise awareness around the scale of the problem. He also suggests stronger developer training, better tools to detect and manage risks, and solutions that enable both human and AI-driven development to operate securely. Just as important, he says, is embedding these practices into everyday workflows so that <a href=\"https:\/\/www.csoonline.com\/article\/4163355\/ai-is-reshaping-devsecops-to-bring-security-closer-to-the-code.html\">security becomes part of how code is written<\/a>, not something added afterward.<\/p>\n<p>His organization scans for secrets when code is committed to block any commits that would introduce risk into the products. \u201cThe creator of that code, whether it be human or AI, is held to the same level of security maturity,\u201d MacKinnon adds.<\/p>\n<p>Bejerasco agrees. \u201cWe need to be deliberate about assigning ownership upfront and continuously validating it, and by cracking down on anything that falls through the cracks,\u201d she says. \u201cOtherwise, these unmanaged identities and secrets will accumulate faster than we can control them.\u201d<\/p>\n<h2 class=\"wp-block-heading\">Advice for CISOs<\/h2>\n<p>If there is one clear lesson from the rise of AI-driven development, it\u2019s this: The biggest mistake CISOs can make is treating secrets sprawl as a scanning problem. \u201cIt is really an ownership and governance problem for machine identities at scale,\u201d McDaniel says.<\/p>\n<p>Gupta goes even further. \u201cA leaked secret is a symptom of an ungoverned <a href=\"https:\/\/www.csoonline.com\/article\/2132294\/what-are-non-human-identities-and-why-do-they-matter.html\">non-human identity (NHI)<\/a> issue,\u201d he says. 
\u201cTreat it as detection and response, and you\u2019ll chase leaks forever. Treat it as identity governance \u2014 inventory every NHI, assign ownership, enforce short-lived credentials, prefer workload identity over static keys, rotate automatically, decommission aggressively \u2014 and the problem starts to shrink instead of grow.\u201d<\/p>\n<p>And while public leaks draw attention, most secrets exposure builds up privately \u2014 in internal repositories, build systems, and developer workflows \u2014 where ownership is unclear and remediation is often deferred.<\/p>\n<p>\u201cPrivate tends to get mistaken for safe, when it really just means there are fewer eyes on it,\u201d says Gupta. \u201cInside private repos, people loosen up. Because it feels contained, the guard can get dropped. All it takes is one supply-chain issue or someone walking out the door with unauthorized access.\u201d<\/p>\n<p>The real risk lies in the sheer volume of NHIs being created faster than organizations can track them. \u201cThe smartest CISOs right now are pushing their DevOps and dev teams to embrace better ways to handle authorization than long-lived, overprivileged API keys,\u201d he says.<\/p>\n<p>To WithSecure\u2019s Bejerasco, the security issues associated with AI-generated code are urgent. \u201cThe appetite for AI adoption from organizational leaders is high right now, and we need to manage that risk even though the capabilities and controls are not fully mature yet,\u201d she says.<\/p>\n<p>Yet, despite the urgency, the industry is still figuring out how to respond. \u201cI don\u2019t think anyone has the right answers yet; we\u2019re all building governance as we go,\u201d Bejerasco says. As AI agents become more widespread, traditional approaches might not keep up, and organizations might need to use AI to help govern AI, she adds.<\/p>\n<p>MacKinnon believes CISOs should not be alone in this. 
They should involve CEOs and CTOs in the process and explain to them that \u201cthe risk is real and it\u2019s rampant.\u201d<\/p>\n<p>\u201cThere\u2019s never a perfect time to address it, but the investment in proactively reducing that risk is far easier and cheaper than learning about it after it\u2019s been used to compromise your company,\u201d MacKinnon says.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>When Matt Schlicht built Moltbook, the social network where AI agents talk to one another, he didn\u2019t write the code himself. He \u201cjust had a vision,\u201d and vibe-coded it. The social network launched on Jan. 28, 2026, and within days, security researchers started to see serious security flaws. Experts at cloud security company Wiz and, [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":8181,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-8180","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/8180"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=8180"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/8180\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/8181"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=8180"}],"wp:term":[{"taxonomy"
:"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=8180"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=8180"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}