1、TA B L E O F CO N T E N T SForeword 52023 Map of Leaks 8Industry Leaks 9Secrets Detectors 10Focus:GenAI Secrets Leaks 14Ranking File Extensions by Their Leakiness 15What Happens After a Secret Leaks?17Remediation Efforts 17Revoked secrets 19Zombie Leaks:a Hidden Threat 20DMCA Takedown Notices:a Last

2、 Resort to Stop Leaks?22AI for Secrets Detection 23How Good Can LLMs Be at Detecting Secrets?24Powering Secrets Detection with AI:GitGuardians Approach 27Are You Sure to Know Where Your Secrets Are?29Unveiling Secret Exposures with HasMySecretLeaked 29Solving Secrets Sprawl 37Awareness&Training 38Co

3、mbining Secrets Detection&Management 40Preventing Leaks&Breaches 42About GitGuardian 44Appendix 45Definitions 45Methodology 46The State of Secrets Sprawl 2024DATA ANALYSIS BY GITGUARDIANSee What Happens After a Public Leak?See Industry leaksTHE STATE OF SECRETS SPRAWL 2024MENU4ForewordIt is not a se

4、cret.Hard-coded credentials have long been a primary cause of security incidents in the software world.Yet,with the growing complexity of digital supply chains,secrets sprawl is the Achilles heel for organizations of all sizes and security postures.GitGuardian has been at the forefront of identifyin

5、g and reporting hard-coded secrets for the past four years.Remarkably,the incidence of publicly exposed secrets has quadrupled in this time,with a staggering 12.8 million occurrences detected on GitH in the last year alonea 28%increase from 2022.“In 2023 for the first time,compromised credentials to

6、ok the top spot in root causes of attacks.In the first six months,compromised credentials accounted for 50%of root causes,whereas exploiting a vulnerability came in at 23%.”Verizons 2023 Data Breach Investigations ReportTHE STATE OF SECRETS SPRAWL 2024MENU5The proliferation of 50 million new code re