GitGuardian’s 2025 State of Secrets Sprawl Report reveals an alarming expansion of credential exposure across enterprise environments, with collaboration tools emerging as a critical yet overlooked vulnerability.
Secrets Sprawl Reaches Record Levels
The cybersecurity landscape continues to face mounting challenges as GitGuardian’s latest research shows a 25% surge in exposed credentials across developer environments. In 2024 alone, nearly 24 million new hardcoded secrets were detected in public GitHub commits, continuing a disturbing upward trend in secrets sprawl.
Collaboration Tools: The New Frontier of Credential Exposure
While source code repositories have traditionally been the focus of secrets detection efforts, GitGuardian’s research reveals that collaboration and project management tools now represent an equally dangerous—and largely unmonitored—attack surface for organizations.
According to the report, platforms like Slack, Jira, and Confluence have become high-risk zones for leaked credentials. More concerning still, these leaks aren’t just more common—they’re more severe.
“38% of incidents in collaboration and project management tools were classified as highly critical or urgent, compared to 31% in Source Code Management Systems,” the report states. This higher criticality stems from several factors:
- Developers tend to be less cautious with secrets outside of code repositories
- Unlike SCM systems, collaboration tools lack built-in security controls like pre-commit checks
- Less security-aware employees frequently handle sensitive credentials in these tools
Perhaps most alarming is that these credential exposures represent an almost entirely new attack surface. The report found that only 7% of secrets appear in both SCM and collaboration tools—meaning organizations focusing solely on code scanning are missing 93% of the credentials exposed in collaboration platforms.
The Unique Risks of Different Collaboration Platforms
Each collaboration tool presents its own unique risk profile:
Messaging Platforms
Slack channels show a 2.4% leak rate across all channels analyzed, with approximately 1,500 channels per workspace in the average enterprise. The informal, real-time nature of these platforms makes them particularly vulnerable to casual sharing of credentials during troubleshooting or emergencies.
Ticketing Systems
Jira presents the highest leak rate at 6.1% of tickets containing at least one secret. With the average customer managing 150 projects, this creates numerous opportunities for credential exposure. Tickets often contain logs or configuration snippets with embedded authentication details that remain searchable indefinitely.
Documentation Platforms
While Confluence showed a lower leak rate at 0.5% of spaces, the persistent nature of wiki documentation means these exposed credentials often remain in place for years. Architecture diagrams, onboarding guides, and configuration documentation frequently contain hardcoded credentials “for convenience.”
Why Collaboration Tools Pose Such a Significant Threat
Several factors make collaboration tools particularly dangerous for secrets sprawl:
- Design limitations: Unlike code repositories, these platforms prioritize speed and collaboration over security, with no native secrets scanning or prevention capabilities.
- Widespread access: While code access might be limited to engineers, collaboration tools are used by diverse team members from support staff to executives, many without security training.
- False sense of security: The report found private repositories are 8 times more likely to contain secrets than public ones—suggesting users behave more carelessly in “private” spaces, incorrectly assuming that access restrictions equal security.
- No effective lifecycle management: Once posted in a chat, ticket, or document, secrets often remain indefinitely without systematic review or rotation.
- Difficult monitoring: The high message volume in these platforms makes real-time protection challenging, with Slack alone averaging thousands of messages daily in active workspaces.
The Impact of AI on Secrets Sprawl
The report also highlights another concerning trend: AI coding assistants may be worsening security practices. Repositories using GitHub Copilot showed a 40% higher incidence of secret leakage compared to the average. This suggests that as teams embrace AI for productivity gains, security practices may be suffering.
“This disparity can be attributed to two factors,” notes the report. “First, the code generated by Large Language Models may inherently be less secure. Second, and perhaps more significantly, the use of coding assistants may be pushing developers to prioritize productivity over code quality and security.”
Addressing the Full Spectrum of Secrets Sprawl
Effective secrets management requires a comprehensive approach that extends beyond code scanning. Organizations need to adopt a multi-faceted approach to combat secrets sprawl by deploying real-time detection mechanisms across all collaboration platforms while implementing robust validation systems that prioritize critical exposures.
Simultaneously, they should automate remediation workflows to drastically reduce the window between detection and resolution, and invest in comprehensive training programs that educate all team members—not just developers—on secure credential handling practices. Finally, organizations must consolidate their incident management processes to ensure that identical leaked credentials appearing across different platforms are treated as a single security event requiring coordinated response, rather than as isolated incidents that might receive inconsistent attention.
As the report concludes, “Secret leaks rarely remain isolated incidents. Instead, they typically serve as entry points for sophisticated attack chains that can compromise entire organizations and their supply chains. This reality demands a shift from simple secret detection to comprehensive secret lifecycle management and rapid incident response capabilities.”
Organizations that fail to extend their secrets detection beyond code repositories are addressing only a fraction of their actual risk surface, leaving critical credentials exposed in the very tools their teams use most frequently.
About the Author
Dwayne McDaniel, Senior Developer Advocate at GitGuardian. Dwayne has been working as a Developer Advocate since 2014 and has been involved in tech communities since 2005. His entire mission is to “help people figure stuff out.” He loves sharing his knowledge, and he has done so by giving talks at hundreds of events worldwide. He has been fortunate enough to speak at institutions like MIT and Stanford and internationally in Paris and Iceland. Dwayne currently lives in Chicago.
Dwayne can be reached online at and at our company website http://www.gitguardian.com/
