
In plain sight: hunting secrets shared in code
From Security Insights by securityinsights
May 28, 2026 · 30 min · Season 7 · Episode 8
About this episode
The episode discusses the issue of hard-coded secrets in code repositories and the impact of AI on this problem.
Security researchers have found millions of hard-coded secrets, in plain text, across both public and private code repositories. These include credentials, API keys, AI tokens and MCP configuration files. And AI is making the problem worse, with AI-assisted commits adding to this "secrets sprawl". Unless developers control how they manage secrets in their code, we are leaving the door open to malicious actors. And the growth of non-human identities (NHIs) only makes it worse. Our guest is Dwayne McDaniel, principal developer advocate at GitGuardian, which recently published their research into secrets sprawl.
People in this episode
Guest: Dwayne McDaniel
Topics covered
- secrets management
- code security
- AI in development
- hard-coded secrets
- developer advocacy
Keywords
- hard-coded secrets
- API keys
- credentials
- AI tokens
- secrets sprawl
- non-human identities
- security research
Mentioned in this episode
Organizations: GitGuardian
More episodes of Security Insights
- Founder interview: Benny Czarny, OPSWAT · June 11, 2026 · 30 min
- Security through community: Ameet Jugnauth, ISACA · May 14, 2026 · 30 min
- Resilience, recovery and living through a cyber attack: VNOG · May 1, 2026 · 30 min
- Quantum, cryptography and Q Day: are we ready? · April 16, 2026 · 30 min
- DDoS: complex attacks, persistent threats · April 2, 2026 · 30 min
- CISO Interview: Mike Baker, DXC Technology · March 19, 2026 · 29 min
Explore listener stats, chart rankings, contacts and more on the Security Insights podcast page.