When Matt Schlicht created Moltbook—a social network designed for AI agents to communicate—he didn’t write the code himself. Instead, he relied on vibe coding, guided purely by his vision. The platform launched on January 28, 2026, and within days, security researchers began uncovering significant vulnerabilities.
Experts from cloud security firm Wiz, along with independent researcher Jameson O’Reilly, found that Moltbook’s backend database—hosted on Supabase—was misconfigured. This flaw allowed unrestricted read and write access to sensitive platform data.
According to a blog post by Wiz researchers, the exposed data included 1.5 million API authentication tokens, 35,000 email addresses, and private messages exchanged between AI agents.
In traditional software development, secret leaks usually result from human error—like hardcoding a key, using the wrong config file, or accidentally pushing internal code to a public repo. With AI-assisted coding, these mistakes happen faster and are often overlooked, as speed and functionality take priority over security.
As vibe coding grows more popular, this problem is getting worse. “The pace of development and the sheer volume of code being produced would have been unthinkable just a few years ago,” says Dwayne McDaniel, principal developer advocate at GitGuardian.
In 2025, public code commits jumped over 40% compared to the previous year—and leaked secrets rose just as quickly. GitGuardian reported a 34% surge in exposed secrets on GitHub last year, the highest spike ever recorded, totaling nearly 29 million compromised credentials.
“Twelve of the top 15 fastest-growing types of leaked secrets were tied to AI services,” McDaniel notes. Over 1.27 million AI-related secrets were exposed in 2025—an 81% year-over-year increase, the fastest growth seen in any category.
McDaniel categorizes these credentials into several key areas: LLM platforms themselves, support and orchestration tools, AI control planes, Model Context Protocol (MCP) servers, and agentic coding assistants.
“I’m increasingly worried about how much code AI is pushing out and how quickly developers are reviewing it,” says Christine Bejerasco, CISO at WithSecure. “This can lead to more vulnerable code, especially since frontier AI models can now detect vulnerabilities at scale.”
Secrets leaks demand immediate action
Many organizations suspect they have issues with AI-generated code—but some don’t realize how severe the problem is or how many secrets are actually exposed across their systems.
When a leaked secret is discovered, it should be treated as a full-blown security incident. “We trigger our incident response process right away,” says Bejerasco of WithSecure.
The compromised secret is revoked or disabled, and a new one is issued. “From there, the incident response team collaborates with R&D to assess the impact across systems and data. That’s followed by cleanup and hardening,” she explains. “While the CISO’s office typically coordinates the response, the R&D team handles the actual revocation and cleanup.”
The organization then conducts post-mortems and updates systems or policies based on lessons learned.
Although fixing the issue is critical, the process is far from simple. GitGuardian reports that 64% of valid secrets identified in 2022 remain unrevoked in 2026—largely because many organizations lack the governance and repeatable processes needed to clean them up efficiently.
“We believe this is less about visibility and more about priorities, tooling, and ownership,” says McDaniel of GitGuardian.
Detection is the easy part, says Rohan Gupta, vice president of cloud, security, and DevOps at R Systems. “Remediation is where discipline gets tested.”
Tackling the bigger picture
As AI-assisted coding becomes more widespread, security leaders must rethink their approach to risk management. That means going beyond code repositories and securing the entire software development lifecycle (SDLC)—including collaboration tools where credentials often surface.
“We monitor both, but the risk profiles are very different—what shows up in Jira or Slack is nothing like what you’ll find in a code repo,” says David MacKinnon, chief security officer at N-able. “A mature SDLC—with practices like secure credential vaulting, separation of duties, source code scanning, and isolated dev, stage, and production environments—helps minimize business risk.”
At WithSecure, Bejerasco says secrets and agent access are kept “as transient as possible” to limit exposure. The company also enforces a Lifecycle Security Policy that mandates code reviews. “This policy is essentially the security ‘bible’ for developers,” she says. “It covers privacy impact assessments, threat modeling, security testing, and code review.”
Gupta of R Systems agrees, recommending that organizations rotate credentials, revoke exposed versions, audit for unauthorized use during any exposure window, and purge secrets from version history whenever possible. “For legacy service accounts, third-party integrations, and embedded vendor credentials, rotation is still a manual, coordinated effort—but we’re steadily automating more of it,” he says.
A crucial first step is recognizing the problem exists. “If an organization doesn’t know how many secrets are exposed in their codebase—or what level of access those secrets grant—they’re sitting on massive, unseen business risk,” says MacKinnon of N-able.
He urges CISOs to raise awareness about the scale of the issue. He also recommends stronger developer training, better detection and risk management tools, and solutions that let both human and AI-driven development work securely. Equally important, he says, is embedding these practices into daily workflows—so security becomes part of how code is written, not an afterthought.
His organization scans for secrets at commit time to block any code that would introduce risk. “The creator of that code—whether human or AI—is held to the same security standards,” MacKinnon adds.
Bejerasco agrees. “We need to be intentional about assigning ownership from the start and continuously validating it—and cracking down on anything that slips through,” she says. “Otherwise, unmanaged identities and secrets will pile up faster than we can control them.”
Guidance for CISOs
If there’s one clear takeaway from the rise of AI-driven development, it’s this: The biggest mistake CISOs can make is treating secrets sprawl as just a scanning problem. “It’s really an ownership and governance challenge for machine identities at scale,” says McDaniel.
Gupta takes it further. “A leaked secret is a symptom of ungoverned non-human identity (NHI) issues,” he says. “If you treat it as just detection and response, you’ll chase leaks forever. But if you treat it as identity governance—inventory every NHI, assign ownership, enforce short-lived credentials, prefer workload identity over static keys, rotate automatically, and decommission aggressively—the problem starts shrinking instead of growing.”
While public leaks grab attention, most secret exposure happens quietly—in internal repositories, build systems, and developer workflows—where ownership is unclear and fixes are often delayed.
“Private is often mistaken for safe, when really it just means fewer people are watching,” says Gupta. “Inside private repos, people relax. Because it feels contained, vigilance drops. All it takes is one supply-chain breach or someone leaving with unauthorized access.”
The real danger lies in the sheer number of NHIs being created faster than organizations can track them. “The smartest CISOs today are pushing their DevOps and dev teams to adopt better authorization methods than long-lived, overprivileged API keys,” he says.
To Bejerasco of WithSecure, the security risks tied to AI-generated code are urgent. “Leadership’s appetite for AI adoption is high right now, and we need to manage that risk—even though the tools and controls aren’t fully mature yet,” she says.
Yet despite the urgency, the industry is still figuring out how to respond. “I don’t think anyone has all the answers yet—we’re all building governance as we go,” Bejerasco says. As AI agents become more common, traditional methods may not keep up, and organizations might need AI to help govern AI, she adds.
MacKinnon believes CISOs shouldn’t face this alone. They should involve CEOs and CTOs, making it clear that “the risk is real and widespread.”
“There’s never a perfect time to address it, but proactively reducing that risk is far easier and cheaper than learning about it after it’s been exploited to compromise your company,” MacKinnon says.
