As digital transformation accelerates, businesses are facing increasing challenges in security management, particularly in managing sensitive credentials. According to recent surveys by GitGuardian and CyberArk, the complexity of modern application architectures and the proliferation of non-human identities have significantly increased the pressure on organizations to enhance their security measures.
In a survey of 1000 IT decision-makers, 79% of respondents reported that their organizations had experienced or were aware of secret leaks, an increase from 75% the previous year. This indicates a growing prevalence of secret leak issues. To address these challenges, organizations allocate an average of 32.4% of their security budgets to secret management and code security. By 2025, it is projected that 77% of organizations will be investing or planning to invest in secret management tools, with 75% focusing on secret detection and remediation tools, demonstrating a proactive stance on this issue.
The survey also revealed that 74% of respondents have implemented at least partially mature anti-leakage strategies, but 23% (a decrease of 4% from 2023) still rely on manual review or lack clear strategies, indicating gaps in security awareness or proactive measures among some businesses. Meanwhile, 75% of respondents expressed moderate to high confidence in their organization's ability to detect and prevent hardcoded secrets in source code. This figure rises to 84% in the United States. On average, it takes 27 days to fix leaked secrets, but with secret detection and remediation solutions, this time can be reduced to about 13 days within a year, according to GitGuardian.
However, with the rapid development of AI, concerns about the risk of codebase leaks are also increasing. 43% of respondents believe that AI may learn and replicate patterns containing sensitive information, thereby increasing the risk of leaks. Additionally, 32% point out that hardcoded secrets are a key risk point in the software supply chain. Human factors are also of concern, with 39% of respondents worried about inadequate security reviews of AI-generated code, indicating a clear gap between the speed at which AI technology is being applied and security measures.
Eric Fourrier, CEO of GitGuardian, noted that the survey results highlight the escalating threat of secret leaks, and organizations need to adopt robust automated solutions to mitigate these risks. Kurt Sand from CyberArk also emphasized the necessity of security and automation, as nearly a quarter of respondents still rely on manual systems to address leak issues, despite increasing focus on protecting machine identities and eliminating hardcoded secrets.
Despite enhanced awareness and investment in secret management, the fact that 79% of organizations have experienced leaks indicates that this challenge is not easing as digital transformation accelerates.
Key Points:
🌐 79% of organizations have experienced secret leaks, increasing security management pressure.
💰 An average of 32.4% of security budgets is allocated to secret management and code security, with 77% planning to invest in related tools by 2025.
🤖 The development of AI raises concerns about code leak risks, with 43% of respondents worried that AI may replicate sensitive information.