AI learning mechanisms may lead to increase in codebase leaks


The proliferation of non-human identities and the complexity of modern application architectures have created significant security challenges, particularly in managing sensitive credentials, according to GitGuardian.

Based on a survey of 1,000 IT decision-makers in organizations with over 500 employees across the US, UK, Germany, and France, the report reveals a significant rise in awareness and concern regarding the risks associated with secrets sprawl.

Secrets leaks are on the rise

79% of respondents reported having experienced or been aware of secrets leaking within their organization, up from 75% in the previous year. This highlights the growing pervasiveness of this security challenge. Organizations are responding to these challenges with substantial resource allocation, dedicating an average of 32.4% of security budgets to secrets management and code security.

77% are currently investing in or planning to invest in secrets management tools by 2025, with 75% focusing on secrets detection and remediation tools. This demonstrates a commitment to tackling the issue head-on.

74% of respondents have implemented at least a partially mature strategy to prevent secret leaks. However, 23% (down from 27% in 2023) still rely on manual reviews or lack a defined strategy, indicating a concerning absence of awareness or proactive measures among some organizations.

75% expressed moderate to high confidence in their organization’s ability to detect and prevent hardcoded secrets in source code. This confidence level is even higher in the US, reaching 84%. On average, respondents also said they’re able to rotate 36% of their secrets on an annual basis.

The average time to remediate a leaked secret stands at 27 days. However, GitGuardian’s data suggests that implementing secrets detection and remediation solutions can significantly reduce this time to approximately 13 days within a year.

Concerns regarding AI and supply chain risks are growing

43% of respondents concerned about increased leaks in codebases pointed to the risk of AI models learning and reproducing patterns that include sensitive information. Additionally, 32% identified the use of hardcoded secrets as a key risk point within their software supply chain.

Nearly as concerning is the human factor: 39% are worried about insufficient security review of AI-generated code, suggesting a critical gap between the speed of AI assistance and proper security practices. The closely related concerns about AI's context awareness (37%) and accidental acceptance of hardcoded secrets (36%) further show that the intersection of AI capabilities and security requirements creates multiple vectors for sensitive information exposure, which organizations need to actively address.

“The findings of our 2024 report underscore the escalating threat of secrets leaks and the need for robust, automated solutions to mitigate these risks,” said Eric Fourrier, GitGuardian CEO. “While the increasing investment in secrets management is encouraging, organizations must prioritize implementing comprehensive strategies that encompass early detection, rapid remediation, and a strong focus on developer education and best practices. It is crucial for businesses to proactively address these concerns and strengthen their security posture to safeguard their sensitive data and maintain their competitive edge.”

“It is encouraging that security leaders increasingly recognize the importance of securing machine identities and eliminating hardcoded secrets,” said Kurt Sand, GM Machine Identity Security at CyberArk. “However, almost a quarter of the respondents still use manual systems to address leaks, highlighting the need to improve security, remediation and efficiency with automation. As the appetite for AI continues to drive the increase in machine identities, enterprises require automated machine identity security approaches that scale.”

While organizations are demonstrating increased awareness and investment in secrets management—with 77% planning to invest in related tools by 2025—the rising incidence of secrets leaks (79% of organizations) signals that the challenge continues to grow alongside digital transformation.
