Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI toolsNEW
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
  • AI
  • Tech
  • Cybersecurity
  • Finance
  • DeFi & Blockchain
  • Startups
  • Gaming
Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI toolsNEW
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
Dataconomy
No Result
View All Result

GitHub finds 39M reasons to upgrade security

GitHub detected 39 million leaked API keys and credentials in 2024. New tools, AI scanning, and policy upgrades are now rolling out to fight back.

byKerem Gülen
April 3, 2025
in Cybersecurity, News
Home News Cybersecurity
Share on FacebookShare on TwitterShare on LinkedInShare on WhatsAppShare on e-mail
Google Preferred Source

GitHub is beefing up its security after finding a staggering 39 million secrets—API keys, credentials, the works—leaking from repositories in 2024. This exposure puts users and organizations at serious risk.

According to GitHub’s report, this massive leak was detected by its secret scanning service, which identifies exposed API keys, passwords, and tokens within repositories.

“Secret leaks remain one of the most common—and preventable—causes of security incidents,” GitHub stated in its announcement, noting, “As we develop code faster than ever previously imaginable, we’re leaking secrets faster than ever, too.”

Stay Ahead of the Curve!

Don't miss out on the latest insights, trends, and analysis in the world of data, technology, and startups. Subscribe to our newsletter and get exclusive content delivered straight to your inbox.

Despite measures like “Push Protection,” launched in April 2022 and enabled by default on public repositories in February 2024, secrets continue to leak due to developers prioritizing convenience when handling secrets during commits and accidental repository exposure through git history.

To combat these leaks, GitHub is rolling out several new measures and enhancements:

  • Standalone secret protection and code security: Available as separate products, these tools no longer require a full GitHub Advanced Security license, aiming to be more affordable for smaller teams.
  • Free organization-wide secret risk assessment: Checks all repositories (public, private, internal, and archived) for exposed secrets, available to all GitHub organizations at no cost.
  • Push protection with delegated bypass controls: Enhanced push protection scans for secrets before code is pushed and allows organizations to define who can bypass the protection, thus adding policy-level control.
  • Copilot-powered secret detection: GitHub is leveraging AI via Copilot to detect unstructured secrets like passwords, aiming to improve accuracy and lower false positives.
  • Improved detection via cloud provider partnerships: GitHub is collaborating with providers such as AWS, Google Cloud, and OpenAI to enhance the accuracy of secret detectors and speed up responses to leaks.

“As of today, our security products are available to purchase as standalone products for enterprises, enabling development teams to scale security quickly,” GitHub explained. “Previously, investing in secret scanning and push protection required purchasing a larger suite of security tools, which made it too expensive for many organizations.”


Court dismisses billion-dollar claims against GitHub Copilot


Beyond GitHub’s upgrades, users are urged to take proactive steps to safeguard against secret leaks. Recommendations include enabling Push Protection at the repository, organization, or enterprise level to preemptively block secrets. GitHub also suggests eliminating hardcoded secrets by using environment variables, secret managers, or vaults.

The platform further advises using tools integrated with CI/CD pipelines and cloud platforms for programmatic secret handling, minimizing error-prone human interaction and potential exposure.

Lastly, GitHub encourages users to review the ‘Best Practices’ guide for comprehensive secrets management.


Featured image credit

Tags: Github

Related Posts

OpenAI retires Atlas browser to focus on new ChatGPT superapp

OpenAI retires Atlas browser to focus on new ChatGPT superapp

July 14, 2026
Microsoft tests Copilot’s new PC insights feature in Windows 11

Microsoft tests Copilot’s new PC insights feature in Windows 11

July 14, 2026
Xiaomi unveils SkyNomad N90 range-extender SUV

Xiaomi unveils SkyNomad N90 range-extender SUV

July 14, 2026
X algorithm update aims to make replies feel friendlier

X algorithm update aims to make replies feel friendlier

July 14, 2026
Windows 11 Search Box gets less clutter and more control

Windows 11 Search Box gets less clutter and more control

July 14, 2026
Pixel 11 leak shows bold magenta and peach colors

Pixel 11 leak shows bold magenta and peach colors

July 14, 2026

LATEST NEWS

OpenAI retires Atlas browser to focus on new ChatGPT superapp

Microsoft tests Copilot’s new PC insights feature in Windows 11

Xiaomi unveils SkyNomad N90 range-extender SUV

X algorithm update aims to make replies feel friendlier

Windows 11 Search Box gets less clutter and more control

Pixel 11 leak shows bold magenta and peach colors

BEST AI MODELS LEADERBOARD

See the best AI models, ranked by intelligence, benchmark results, speed and token price. Find the most suitable LLMs, Text-to-Image, Image Editing, Text-to-Speech, Text-to-Video and Image-to-Video  artificial intelligence model for your tasks and business.

LATEST TOOLS

Amanda AI

InterviewBot

VernAI

MyLoans

Essay Grader AI

Cover Letter AI

Animate Old Photos

Resume.io

MonAI

AIEngine Plugin

Dataconomy

COPYRIGHT © DATACONOMY MEDIA GMBH, ALL RIGHTS RESERVED.

  • About
  • Imprint
  • Contact
  • Legal & Privacy

Follow Us

  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI tools
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
No Result
View All Result
Subscribe

This website uses cookies to improve your experience. You can choose to accept or reject them. Visit our Privacy Policy.