AI learning mechanisms can lead to an increase in code base leaks

The proliferation of non-human identities and the complexity of modern application architectures have created significant security challenges, particularly when managing sensitive credentials, according to GitGuardian and CyberArk.

Based on a survey of 1,000 IT decision makers at organizations with over 500 employees in the US, UK, Germany and France, the report shows a significant increase in awareness and concern about the risks associated with sharing secrets.

The number of secret leaks is increasing

79% of respondents said they had experienced or were aware of secret disclosure within their organization, an increase from 75% last year. This highlights the increasing prevalence of this security challenge. Organizations are responding to these challenges with significant resource allocation, devoting an average of 32.4% of security budgets to secrets management and code security.

77% are currently investing in secrets management tools or plan to invest in secrets management tools by 2025, with 75% focused on secrets detection and remediation tools. This shows a commitment to tackling the problem head on.

74% of respondents have implemented at least a partially developed strategy to prevent secret leaks. However, 23% (up from 27% in 2023) still rely on manual reviews or have no defined strategy, indicating a worrying lack of awareness or proactive measures among some organizations.

75% expressed moderate to high confidence in their organization’s ability to detect and prevent hard-coded secrets in source code. This level of trust is even higher in the US, reaching 84%. On average, respondents also reported sharing 36% of their secrets annually.

The average time to fix a leaked secret is 27 days. However, GitGuardian data suggests that implementing secret detection and remediation solutions can significantly reduce this time to around 13 days within a year.

Concerns about AI and supply chain risks are increasing

43% of respondents concerned about the potential for increased leaks in codebases highlighted the risk of AI learning and reproducing patterns that contain sensitive information. Additionally, 32% identified the use of hard-coded secrets as a key risk point within their software supply chain.

Almost as worrisome is the human factor: 39% fear inadequate security review of AI-generated code, suggesting a critical gap between the speed of AI support and appropriate security practices. The closely related concerns about AI’s context awareness (37%) and inadvertent acceptance of hard-coded secrets (36%) further highlight that the intersection between AI capabilities and security requirements presents multiple vectors for the potential disclosure of sensitive information that companies are actively exposed to have to encounter.

“The findings from our 2024 report underscore the increasing threat of secret leaks and the need for robust, automated solutions to mitigate these risks,” said Eric Fourrier, CEO of GitGuardian. “While increasing investment in secrets management is encouraging, organizations must prioritize implementing comprehensive strategies that include early detection, rapid remediation, and a strong focus on developer training and best practices. It is critical for organizations to proactively address these concerns and strengthen their security posture to protect their sensitive data and maintain their competitive advantage.”

“It is encouraging that security leaders are increasingly recognizing the importance of securing machine identities and eliminating hard-coded secrets,” said Kurt Sand, GM Machine Identity Security at CyberArk. “However, nearly a quarter of respondents still use manual systems to remediate leaks, highlighting the need to improve security, remediation and efficiency through automation.” As the need for AI continues to drive the rise of machine identities, companies need automated ones Machine identity security approaches that scale.”

While organizations are becoming more aware of and investing in secrets management – 77% plan to invest in secrets management tools by 2025 – the increasing frequency of secret leaks (79% of organizations) signals that the challenge is growing digital transformation continues to increase.