In plain sight: hunting secrets shared in code

In plain sight: hunting secrets shared in code

From Security Insights by securityinsights

May 28, 2026 · 30 min · Season 7 · Episode 8

About this episode

The episode discusses the issue of hard-coded secrets in code repositories and the impact of AI on this problem.

Security researchers have found millions of hard-coded secrets, in plain text, across both public and private code repositories. These include credentials, API keys, AI tokens and MCP configuration files. And AI is making the problem worse, with AI-assisted commits adding to this "secrets sprawl". Unless developers control how they manage secrets in their code, we are leaving the door open to malicious actors. And the growth of non-human identities (NHIs) only makes it worse. Our guest is Dwayne McDaniel, principal developer advocate at GitGuardian, which recently published their research into secrets sprawl.

People in this episode

Guest: Dwayne McDaniel

Topics covered

  • secrets management
  • code security
  • AI in development
  • hard-coded secrets
  • developer advocacy

Keywords

  • hard-coded secrets
  • API keys
  • credentials
  • AI tokens
  • secrets sprawl
  • non-human identities
  • security research

Mentioned in this episode

Organizations: GitGuardian

More episodes of Security Insights

Explore listener stats, chart rankings, contacts and more on the Security Insights podcast page.