As digital transformation accelerates, enterprises face growing challenges in security management, especially when it comes to managing sensitive credentials. According to the latest survey by GitGuardian and CyberArk, the complexity of modern application architecture and the popularity of non-human identities have doubled the pressure on organizations in terms of security protection.
In a survey of 1,000 IT decision-makers, 79% of respondents said their organization had experienced or was aware of a secret breach, up from 75% the previous year. This shows that the problem of secret leakage is becoming more widespread. To address these challenges, organizations spend an average of 32.4% of their security budgets on secrets management and code security. By 2025, 77% of organizations are expected to invest or plan to invest in secrets management tools, with 75% focusing on secrets detection and remediation tools, demonstrating their determination to proactively address this issue.
The survey also showed that 74% of respondents have implemented an at least partially mature anti-breach strategy, but 23% (down 4% from 2023) of organizations still rely on manual review or do not have a clear strategy, indicating that some enterprises still have deficiencies in security awareness or proactive measures. Meanwhile, 75% of respondents expressed moderate to high confidence in their organization's ability to detect and prevent hardcoded secrets in source code. In the United States, this proportion is as high as 84%. On average, it takes 27 days to remediate leaked secrets. According to GitGuardian, after implementing a secret detection and remediation solution, this time can be shortened to about 13 days within a year.
However, as AI develops rapidly, concerns about the risk of code base leaks are also increasing. 43% of respondents believe that AI may learn and reproduce patterns containing sensitive information, thereby increasing the risk of breaches. Additionally, 32% pointed to hardcoded secrets as a key risk point in the software supply chain. The human element is also a concern, with 39% of respondents expressing concern about insufficient security reviews of AI-generated code, indicating a clear gap between the speed of adoption of AI technology and security measures.
Eric Fourrier, CEO of GitGuardian, said the findings highlight the growing threat of secret leaks and the need for organizations to adopt robust automated solutions to mitigate these risks. Meanwhile, CyberArk's Kurt Sand also noted that while security leaders are increasingly focusing on protecting machine identities and eliminating hard-coded secrets, nearly a quarter of respondents still rely on manual systems to resolve breaches, emphasizing the necessity of security and automation.
Despite increased organizational awareness and investment in secrets management, the 79% of organizations experiencing breaches shows that this challenge is not abating as digital transformation accelerates.