AI Code Assistants Are 2× More Likely to Commit Secrets

GitGuardian identified AI-assisted repositories by the presence of .github/copilot-instructions.md, Cursor configuration files, or Copilot-attributed commit metadata. Comparing these repos against the broader population:

The effect is stronger for solo developers because they are less likely to have peer code review before pushing. In teams with enforced pull request reviews, the multiplier drops to 1.4× - still elevated, but with human oversight catching some AI-generated mistakes.

The mechanisms are multiple and interact with each other:

Modern AI coding assistants use large context windows that can include dozens of open files. A typical developer workflow might have:

• ▸app.ts open in the main editor
• ▸.env.local open in a second tab for reference
• ▸An integration test file open in a third tab

The AI assistant sees all three files. When it generates code in app.ts that uses an OpenAI client, it may complete the initialization with the actual key value from the open .env.local file, rather than the environment variable reference.

This is particularly likely when the AI is completing test code or example snippets where hardcoded values are common in training data.

GitGuardian found that AI-assisted developers push approximately 3.2× more commits per day than non-AI-assisted developers in the same repositories. This is the primary driver of the 2.1× leak rate - more commits means more exposure surface.

If we control for commit volume and look at leaks per commit, the AI-assisted rate is only 1.3× higher - elevated, but much less dramatic. The majority of the risk comes from velocity, not from AI tools making developers less careful per commit.

This suggests that the most effective mitigation for AI-assisted development is pre-commit scanning - catching the occasional mistake before it leaves the machine - combined with making any accidentally committed credential worthless by design.

A less common but more insidious pattern is when an AI tool suggests a string that matches a real secret format - for example, a placeholder string that happens to be in the sk-proj- format that OpenAI uses. A developer who accepts this suggestion without inspection may commit a string that pattern scanners flag as a real key.

This creates a different kind of problem: false alarms in secret scanning pipelines that erode trust in the tooling, leading to alert fatigue and legitimate warnings being ignored.

// AI completes your OpenAI initialization with a "placeholder" that
// matches the real key format and gets flagged by scanners:
const openai = new OpenAI({
  apiKey: "sk-proj-exAmPlEkEy123456789abcdefghijklmnopqr",
  //        ↑ AI generated this from training context - not a real key,
  //          but scanners treat it as one
});

The answer is not to stop using AI tools - the productivity gains are real. The answer is to combine controls that work with high-velocity AI-assisted workflows: