AI coding is fueling a secrets-sprawl crisis few CISOs are containing
Summary
AI-assisted coding is causing a rapid increase in leaked secrets (authentication credentials and API keys) because developers prioritize speed and functionality over security reviews; exposed AI-related secrets jumped 81% in 2025 alone. When a secret is discovered, organizations should treat it as a security incident: immediately revoke or disable the exposed credential, generate a new one, investigate the impact on systems, perform cleanup, and harden systems, then hold post-mortems to improve processes.
Solution / Mitigation
When a leaked secret is detected, organizations should: (1) activate their incident response process immediately; (2) revoke or disable the secret and generate a new one; (3) have the incident response team and R&D investigate the impact across systems and data; (4) perform cleanup and hardening; and (5) conduct post-mortems and implement necessary updates to systems or policies based on lessons learned. The source notes that the CISO office typically coordinates incidents while the R&D team owns actual revocation and cleanup.
Original source: https://www.csoonline.com/article/4171954/ai-coding-is-fueling-a-secrets-sprawl-crisis-few-cisos-are-containing.html
First tracked: May 18, 2026 at 08:00 AM
Classified by LLM (prompt v3) · confidence: 85%