Ethical Hacking News
The rapid growth of non-human identities is creating massive security blind spots, with alarming numbers of secrets exposed on public code repositories and collaboration platforms. The latest report from GitGuardian highlights the need for a comprehensive approach to non-human identity management and emphasizes the importance of prioritizing security in the face of growing threats.
The cybersecurity landscape is undergoing a significant transformation due to the rapid growth of non-human identities (NHIs), creating unprecedented security risks. Key findings:
- A recent report found 23.77 million new secrets leaked on GitHub in 2024, representing a 25% surge from the previous year.
- Exposed credentials persist, with 70% of secrets first detected in public repositories remaining active today.
- Private repositories are approximately 8 times more likely to contain secrets than public ones, highlighting the need for proper secrets management.
- AI tools like GitHub Copilot increase security risks by encouraging developers to prioritize speed over security.
- Collaboration platforms like Slack and Jira are significant vectors for credential exposure due to a lack of security controls.
- Leaked credentials often have excessive permissions, amplifying their impact and enabling attackers to move laterally.
- Organizations require a comprehensive approach to address the entire secrets lifecycle, combining automated detection with swift remediation processes.
The cybersecurity landscape has been undergoing a significant transformation, driven largely by the rapid growth of non-human identities (NHIs). These machine-based entities, including service accounts, microservices, and AI agents, have been outnumbering human users for years, creating an unprecedented level of security risk. The latest report from GitGuardian, "The 2025 State of Secrets Sprawl," sheds light on the alarming scale of secrets exposure in modern software environments.
According to the report, there was a staggering 23.77 million new secrets leaked on GitHub in 2024 alone, representing a 25% surge from the previous year. This dramatic increase is attributed to the proliferation of NHIs, which are now creating massive security blind spots. The problem persists despite the adoption of secret management solutions, with even repositories using secrets managers experiencing a 5.1% incidence rate of leaked secrets in 2024.
The report highlights that the most concerning finding is the persistence of exposed credentials. GitGuardian's analysis found that 70% of secrets first detected in public repositories back in 2022 remain active today, indicating a systemic failure in credential rotation and management practices. This statistic underscores the need for a comprehensive approach to non-human identity management.
Organizations may believe their code is secure in private repositories, but the data tells a different story. Private repositories are approximately 8 times more likely to contain secrets than public ones, suggesting that many teams rely on "security through obscurity" rather than implementing proper secrets management. The report found significant differences in the types of secrets leaked in private versus public repositories.
Generic secrets represent 74.4% of all leaks in private repositories versus 58% in public ones. Generic passwords account for 24% of all generic secrets in private repositories compared to only 9% in public repositories. Enterprise credentials like AWS IAM keys appear in 8% of private repositories but only 1.5% of public ones.
Moreover, the report discovered that AI tools, such as GitHub Copilot and Docker Hub, are increasing security risks by encouraging developers to prioritize speed over security. Repositories with Copilot enabled were found to have a 40% higher incidence rate of secret leaks compared to repositories without AI assistance.
Furthermore, collaboration platforms like Slack, Jira, and Confluence have become significant vectors for credential exposure. Alarmingly, secrets found in these platforms tend to be more critical than those in source code repositories, with 38% of incidents classified as highly critical or urgent. This happens partly because these platforms lack the security controls present in modern source code management tools.
The report emphasizes that leaked credentials frequently have excessive permissions, significantly amplifying their impact. GitLab API keys had either full access (58%) or read-only access (41%), while 95% of leaked GitHub tokens offered full repository access. These broad permissions enable attackers to move laterally and escalate privileges more easily.
To break the cycle of secrets sprawl, organizations require a comprehensive approach that addresses the entire secrets lifecycle. This involves combining automated detection with swift remediation processes and integrating security throughout the development workflow.
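The automated-detection half of that lifecycle is illustrated below with an added example (not GitGuardian's code and not from the report) of a pre-commit style scanner for the secret categories the article names: AWS IAM keys, GitHub and GitLab tokens, and generic passwords. The token regexes are assumptions based on the public token formats, the placeholder and entropy filters are assumptions to cut false positives on generic secrets, and the diff text is constructed sample input with fake values.

```python
import math
import re
from dataclasses import dataclass

# Assumed detector patterns for the categories named in the report.
# Vendor token formats are high-confidence; the generic pattern needs filtering.
DETECTORS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "gitlab_token": re.compile(r"\bglpat-[A-Za-z0-9_\-]{20,}\b"),
    # Generic secret: password-like key, then a value of 8+ non-space characters.
    "generic_password": re.compile(
        r"(?i)(password|passwd|pwd|secret)\s*[:=]\s*['\"]?([^'\"\s]{8,})"),
}
# Assumed markers of placeholder values (templates, env substitution, examples).
PLACEHOLDERS = ("example", "changeme", "<", "${", "xxx")

@dataclass
class Finding:
    line_no: int
    kind: str
    value: str

def shannon_entropy(s: str) -> float:
    """Bits per character; low values indicate words, not random secrets."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def scan(text: str, min_generic_entropy: float = 3.0) -> list[Finding]:
    """Return findings for every detector match, filtering weak generic hits."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for kind, rx in DETECTORS.items():
            for m in rx.finditer(line):
                value = m.group(m.lastindex or 0)  # captured value or whole match
                if kind == "generic_password":
                    if any(p in value.lower() for p in PLACEHOLDERS):
                        continue
                    if shannon_entropy(value) < min_generic_entropy:
                        continue
                findings.append(Finding(no, kind, value))
    return findings

# Constructed sample diff with fake credentials for demonstration only.
SAMPLE_DIFF = """\
aws_access_key_id = AKIAABCDEFGHIJKLMNOP
export GITHUB_TOKEN=ghp_Ab12Cd34Ef56Gh78Ij90Kl12Mn34Op56Qr78
gitlab_token: glpat-aBcDeFgHiJkLmNoPqRsT
password = changeme
DB_PASSWORD: "q7Kp$2mVx9!rTz4w"
secret = ${VAULT_SECRET}
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_DIFF):
        print(f"line {f.line_no}: {f.kind} ({f.value[:4]}...)")
```

Lines 4 and 6 of the sample are dropped as placeholders, which is the kind of tuning needed to keep a scanner usable in a commit hook without burying real hits in noise.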
The GitGuardian report concludes that "the 2025 State of Secrets Sprawl Report offers a stark warning: as non-human identities multiply, so do their associated secrets—and security risks." Reactive and fragmented approaches to secrets management simply aren't enough in a world of automated deployments, AI-generated code, and rapid application delivery.
In light of these findings, it is imperative that organizations reassess their approach to non-human identity management and develop a robust strategy to mitigate the growing threat of secrets sprawl. By prioritizing security and implementing effective solutions, they can protect themselves against the increasingly sophisticated and coordinated attacks that are being launched by threat actors.
Related Information:
https://www.ethicalhackingnews.com/articles/The-Uncharted-Territory-of-Non-Human-Identity-Management-Navigating-the-Complex-Web-of-Security-Blind-Spots-ehn.shtml
https://thehackernews.com/2025/04/explosive-growth-of-non-human.html
Published: Wed Apr 9 08:31:55 2025 by llama3.2 3B Q4_K_M