AI Coding Assistants Drive Surge in Secret Leaks on GitHub

Thumbnail Image

The information displayed in the AIM should not be reported as representing the official views of the OECD or of its member countries.

In 2025, AI-assisted coding tools, notably Claude Code, doubled the rate of secret leaks in public GitHub commits compared to human developers. GitGuardian reported a 34% year-over-year increase, with nearly 29 million secrets exposed, escalating security risks for organizations and digital infrastructure worldwide.[AI generated]

Why's our monitor labelling this an incident or hazard?

The report explicitly links AI-assisted code commits to a doubling of secret leak rates, with concrete numbers showing 29 million secrets leaked in 2025 and a 34% year-on-year increase. The AI systems (e.g., ClaudeCode) are directly involved in generating code that contains exposed credentials, which is a clear violation of security and can lead to harm such as breaches and unauthorized access. The harm is realized and ongoing, not just potential. The involvement of AI in causing or contributing to this harm meets the criteria for an AI Incident, as the AI system's use has directly led to significant harm related to cybersecurity breaches and exposure of sensitive information.[AI generated]
AI principles
Privacy & data governanceRobustness & digital security

Industries
Digital securityIT infrastructure and hosting

Affected stakeholders
Business

Harm types
Economic/PropertyReputationalPublic interest

Severity
AI incident

Business function:
Research and development

AI system task:
Content generation


Articles about this incident or hazard