As cyber threats, such as artificial intelligence, enhance and become more pervasive, organizations find it even more difficult to handle non-human identities. A new analysis by GitGuardian reveals surprising secrets manager-related vulnerabilities. This discovery suggests that organizations employing these tools could be at an increased risk of secret leakage. The cybersecurity environment is changing at an unprecedented pace. Alongside its development, pushing for non-human identity risks have particularly taken center stage, with ‘Secret Leakage’ becoming the number one risk to non-human identities in the OWASP Top 10 for 2025.
Even more troubling, compromised credentials are used in more than 81% of security breaches. According to GitGuardian’s latest findings, 5.1% of repos that implement secrets managers still suffer from secrets leakage. Public repositories lacking these tools have a slightly higher prevalence of 4.6%. This information points to a conclusion that, even when they have the best management tools in the world, organizations still need to be careful.
GitGuardian’s automated discovery solution is thus a key ally in the fight against these vulnerabilities. By passively scanning environments, it keeps an up-to-the-minute inventory of secrets full of helpful contextual metadata. This new capability increases visibility into non-human identities and helps organizations develop a more accurate picture of the risk posed by their non-human identities.
The Growing Risks of Secrets Leakage
In an era where organizations are becoming more dependent on non-human identities, secrets leaking has become a serious concern. Based on GitGuardian’s internal analysis, organizations today juggle an average of six separate secret management instances. The more tools you add, the more complexity—and potential for security gaps—you introduce. This can lead to neglect or mishandling of sensitive personal data.
Our OWASP Top 10 Non-Human Identity Risks for 2025 explicitly identifies ‘Secret Leakage’ as the second ranked risk. This award shows that there is ever more need for organizations to adopt strong security practices to protect their most guarded secrets. GitGuardian’s NHI Security Platform addresses these blind spots by offering centralized visibility over all non-human identity secrets across an organization’s infrastructure.
Additionally, data from CyberArk show that two-thirds (68%) of organizations have experienced an outage due to a missing or expired certificate. Over the past year, 72% have experienced these incidents, including 34% who have experienced them repeatedly. These statistics show the dire necessity for proper care and administration of non-human identities. Through vigilant monitoring of them, we can avoid interruptions and maintain operational continuity.
Enhancing Visibility and Remediation
In order to address the potential dangers of secrets leakage, GitGuardian offers a comprehensive detection and remediation solution that seamlessly integrates with widely-used secrets managers. This integration provides deep contextual insights to help locate owners and make it easier to target remediation efforts. GitGuardian automatically aggregates and normalizes usage data from all these different sources. This gives organizations the centralized visibility they need to better understand and manage their non-human identity management.
GitGuardian’s continuous monitoring capabilities are key to spotting candidates for decommissioning. Executing this proactive, continuous approach allows organizations to proactively eliminate unneeded or obsolete secrets that create potential attack vectors within their systems. The platform’s automated discovery feature adds another layer of security, making it easy and convenient for organizations to keep a constantly updated inventory of their secrets with confidence.
GitGuardian demonstrates its NHI Security capabilities through a 20-minute live demo, allowing potential users to understand how the platform can effectively secure their non-human identities. This hands-on approach facilitates better comprehension of the tools available for managing security risks in an increasingly complex digital environment.
The Need for Proactive Security Measures
As the cybersecurity landscape rapidly changes around us, it is crucial that organizations take proactive steps to address risks tied to non-human identities. GitGuardian’s findings should serve as a wake-up call to organizations everywhere. Or, they fail to appreciate just how important it is to do secrecy well.
Organizations need to accept that the sandbagging of secrets managers isn’t enough to truly be secure. The evidence shows that despite having all of these tools in place, there’s room for vulnerabilities. It’s time for organizations to level up their secret management game. As a start, they can begin to do this by building in continuous monitoring and automated discovery capabilities from platforms like GitGuardian.
