CRITICAL · Supply Chain
Global

AI coding is fueling a secrets-sprawl crisis few CISOs are containing

Source: CSO Online

Analysis

When Matt Schlicht built Moltbook, the social network where AI agents talk to one another, he didn’t write the code himself. He “just had a vision,” and vibe-coded it. The social network launched on Jan. 28, 2026, and within days, security researchers started to see serious security flaws.

Experts at cloud security company Wiz and, independently, researcher Jameson O’Reilly, discovered that Moltbook’s backend database, hosted on Supabase, had been improperly configured. As a result, it granted broad read and write access to platform data. “The exposure included 1.5 million API authentication tokens, 35,000 email addresses, and private messages between agents,” Wiz researchers noted in a blogpost.

In traditional software development, leaking a secret typically stems from a mistake. Usually, a developer hardcodes a key, copies the wrong configuration file, or pushes internal code to a public repository. With AI-assisted coding, those mistakes can happen quickly and often go unnoticed, because speed and functionality are prioritized over security.

Given the rise in popularity of vibe coding, the issue is accelerating. “The pace at which we are building and the sheer amount of code would have been unimaginable even just a few years ago,” says Dwayne McDaniel, principal developer advocate at GitGuardian.

In 2025, public code commits surged by more than 40% compared to the previous year, and secrets are rising just as fast. Security firm GitGuardian reported a 34% increase in leaked secrets on GitHub last year — the largest spike on record — bringing the total to nearly 29 million exposed credentials.

“12 of the top 15 fastest-growing leaked secret types were AI services,” says McDaniel. More than 1.27 million AI-related secrets were exposed in 2025, marking an 81% year-over-year increase, the fastest growth recorded in any single category.

McDaniel groups these credentials into several broad areas: the LLM platforms themselves, the support and orchestration ecosystem, the AI control plane, Model Context Protocol (MCP) servers, and agentic coding assistants.

“I’m increasingly concerned about the volume of code being pushed out by AI and the speed at which developers are reviewing it,” says Christine Bejerasco, CISO of WithSecure. “That can lead to more vulnerable code, especially as frontier AI models are now capable of identifying vulnerabilities at scale.”

Secrets leaks require immediate response

Many organizations know deep down they have a problem with AI-generated code. However, some don’t realize the severity of the situation, just how many secrets are exposed across their systems.

When a leaked secret is detected, the issue should be treated as a security incident. “We activate our incident response process immediately,” says WithSecure’s Bejerasco. The secret is revoked or disabled, and a new one is generated.

“From there, the incident response team works with R&D to investigate the impact across systems and data. That’s followed by cleanup, then hardening,” she says. “While incidents are typically coordinated by the CISO office, the R&D team owns the actual revocation and cleanup.”

The organization conducts post-mortems and implements any necessary updates to systems or policies based on what was learned.

Although remediation is critical, the process is far from straightforward. According to GitGuardian, 64% of valid secrets identified in 2022 remain unrevoked in 2026, largely because many organizations lack the governance and repeatable processes needed to clean them up at scale.

“We think this is less a visibility issue and more a combination of priority, tooling, and ownership,” GitGuardian’s McDaniel says.

Detection is the easy part, says Rohan Gupta, vice president of cloud, security, and DevOps at R Systems. “Remediation is where discipline gets tested.”

Addressing the broader issue

As AI-assisted coding expands, security leaders must rethink how they manage risk. That means looking beyond repositories and securing the full software development lifecycle (SDLC), including collaboration tools where credentials often show up.

“We focus on both, but the risk profile is very different — what’s identified in Jira or Slack is far different from what you’ll find in your code repository,” says David MacKinnon, chief security officer at N-able. “A mature SDLC — which includes things like effective credential vaulting, separation of duties, source code scanning, separated dev, stage/production environments, and more — helps to minimize the business risk.”

At WithSecure, Bejerasco says secrets and agent access are kept “as transient as possible” to reduce risk. And there’s also a Lifecycle Security Policy in place that mandates code reviews. “This policy is effectively the security ‘bible’ for developers,” she says. “It covers privacy impact assessments, threat modeling, security testing, and code review.”

R Systems’ Gupta agrees, advising organizations to rotate credentials, revoke exposed versions, audit for unauthorized use during any exposure window, and purge from history wherever feasible. “For the long-tail legacy service accounts, third-party integrations, embedded vendor credentials rotation is still a coordinated manual exercise, and we’re steadily moving more of it into automation,” he says.

A key step in fixing the issue is knowing it exists. “If an organization is not aware of how many secrets they’re exposing in their code base, or the level of access those secrets hold, they have a tremendous amount of business risk that they’re unaware of,” says N-able CSO MacKinnon.

He advises CISOs to raise awareness around the scale of the problem. He also suggests stronger developer training, better tools to detect and manage risks, and solutions that enable both human and AI-driven development to operate securely. Just as important, he says, is embedding these practices into everyday workflows so that security becomes part of how code is written, not something added afterward.

His organization scans for secrets when code is committed to block any commits that would introduce risk into the products. “The creator of that code, whether it be human or AI, is held to the same level of security maturity,” MacKinnon adds.

Bejerasco agrees. “We need to be deliberate about assigning ownership upfront and continuously validating it, and by cracking down on anything that falls through the cracks,” she says. “Otherwise, these unmanaged identities and secrets will accumulate faster than we can control them.”

Advice for CISOs

If there is one clear lesson from the rise of AI-driven development, it’s this: The biggest mistake CISOs can make is treating secrets sprawl as a scanning problem. “It is really an ownership and governance problem for machine identities at scale,” McDaniel says.

Gupta goes even further. “A leaked secret is a symptom of an ungoverned non-human identity (NHI) issue,” he says. “Treat it as detection and response, and you’ll chase leaks forever. Treat it as identity governance — inventory every NHI, assign ownership, enforce short-lived credentials, prefer workload identity over static keys, rotate automatically, decommission aggressively — and the problem starts to shrink instead of grow.”

And while public leaks draw attention, most secrets exposure builds up privately — in internal repositories, build systems, and developer workflows — where ownership is unclear and remediation is often deferred.

“Private tends to get mistaken for safe, when it really just means there are fewer eyes on it,” says Gupta. “Inside private repos, people loosen up. Because it feels contained, the guard can get dropped. All it takes is one supply-chain issue or someone walking out the door with unauthorized access.”

The real risk lies in the sheer volume of NHIs being created faster than organizations can track them. “The smartest CISOs right now are pushing their DevOps and dev teams to embrace better ways to handle authorization than long-lived, overprivileged API keys,” he says.

To WithSecure’s Bejerasco, the security issues associated with AI-generated code are urgent. “The appetite for AI adoption from organizational leaders is high right now, and we need to manage that risk even though the capabilities and controls are not fully mature yet,” she says.

Yet, despite the urgency, the industry is still figuring out how to respond. “I don’t think anyone has the right answers yet; we’re all building governance as we go,” Bejerasco says. As AI agents become more widespread, traditional approaches might not keep up, and organizations might need to use AI to help govern AI, she adds.

MacKinnon believes CISOs should not be alone in this. They should involve CEOs and CTOs in the process and explain to them that “the risk is real and it’s rampant.”

“There’s never a perfect time to address it, but the investment in proactively reducing that risk is far easier and cheaper than learning about it after it’s been used to compromise your company,” MacKinnon says.

Source Attribution

Originally published by CSO Online on May 18, 2026.
