As digital transformation deepens, enterprises face increasingly severe security challenges, especially in managing sensitive credentials. The latest survey shows that secret leakage is becoming a more serious problem and is putting heavy pressure on organizations. This article analyzes the findings, explores the current status, challenges and future trends in how organizations deal with secret leaks, and focuses on the new risks posed by AI technology.
With the acceleration of digital transformation, enterprises are facing growing challenges in security management, especially in managing sensitive credentials. According to the latest survey by GitGuardian and CyberArk, the complexity of modern application architectures and the spread of non-human identities have doubled the pressure on organizations in terms of security protection.
In a survey of 1,000 IT decision makers, 79% said their organizations had experienced or were aware of a secret leak, up from 75% the previous year. This shows that secret leaks are becoming more prevalent. To address these challenges, organizations spend an average of 32.4% of their security budget on secret management and code security. It is estimated that by 2025, 77% of organizations are investing or planning to invest in secret management tools, with 75% focusing on secret detection and repair tools, which shows their determination to actively deal with this issue.
The survey also showed that 74% of respondents have implemented at least partially mature leak prevention strategies, but 23% of organizations (down 4% from 2023) rely on manual reviews or have no clear strategy, indicating that some businesses still have shortcomings in security awareness or proactive measures. Meanwhile, 75% of respondents expressed medium to high levels of confidence in their own organization's ability to detect and prevent hard-coded secrets in source code. In the United States, this proportion is as high as 84%. The average time to repair a leaked secret is 27 days, and according to GitGuardian data, this can be shortened to about 13 days within a year of implementing secret detection and repair solutions.
However, with the rapid development of AI, concerns about the risk of codebase leaks are also increasing. 43% of respondents believe that AI may learn and reproduce patterns containing sensitive information, thereby increasing the risk of leakage. Furthermore, 32% pointed out that hard-coded secrets are a key risk point in the software supply chain. The human factor is equally worrying, with 39% of respondents expressing concerns about insufficient security review of AI-generated code, indicating a clear gap between the pace of AI adoption and the security measures that accompany it.
GitGuardian CEO Eric Fourrier said the findings highlight the intensifying threat of secret leaks and that organizations need to adopt strong automated solutions to mitigate these risks. Meanwhile, CyberArk's Kurt Sand pointed out that despite increasing emphasis on protecting machine identities and eliminating hard-coded secrets, nearly a quarter of respondents rely on manual processes to deal with leaks, underscoring the need for security and automation.
Despite increased awareness of and investment in secret management, the fact that 79% of organizations have experienced leaks indicates that this challenge has not eased as digital transformation accelerates.
Key points:
79% of organizations have experienced secret leaks, increasing the pressure on security management.
On average, 32.4% of the security budget is spent on secret management and code security, and 77% plan to invest in related tools by 2025.
The development of AI has raised concerns about the risk of code leakage, with 43% of respondents worried that AI will reproduce sensitive information.
In short, companies need to actively respond to the growing risk of secret leakage, increase investment in security management, and make full use of automation tools and technologies to improve their security protection capabilities. At the same time, they need to pay attention to the new challenges brought by AI technology and formulate corresponding security strategies so that digital transformation proceeds safely and reliably.