Coding agents are transforming development productivity, but they bring with them a security problem that is worsening faster than the industry can react.
GitGuardian’s annual report, published in March 2026, documents 28.65 million hardcoded secrets added to public GitHub commits in 2025 — a 34% year-over-year increase, the largest jump on record. AI-related secrets grew 81%, and eight of the ten fastest-growing detectors were linked to AI services.
The most alarming signal: Claude Code-assisted commits showed a 3.2% leak rate, more than double the 1.5% baseline across all GitHub commits.
The Problem Is Not Theoretical
Multiple independent investigations confirm that credential leakage by coding agents is a real and quantifiable problem:
- Lakera scanned the npm registry and found 33 packages with live credentials in .claude/settings.local.json files. Claude Code stores approved terminal commands (including prepended API keys) in this file, and npm includes the hidden folder by default when publishing packages. Roughly 1 in 13 configuration files uploaded to npm exposed sensitive data.
- Check Point Research discovered critical vulnerabilities in Claude Code (CVE-2025-59536, CVE-2026-21852) that allowed remote code execution and API key exfiltration through malicious project files, exploiting the Hooks system, MCP servers, and environment variables.
- Truffle Security found ~12,000 live API keys and passwords in the Common Crawl training data used to train LLMs like DeepSeek. This means models not only facilitate leaks — they themselves learned from data that already contained secrets.
- Veracode reported that 45% of AI-generated code contains security vulnerabilities, with Java reaching a 70% failure rate.
Who Is to Blame?
The answer is not simple. GitGuardian notes that “leaks still occur through a human workflow” — 96.8% of Claude Code-assisted commits contained no secrets. The agent is not the origin of the secret, but the vector that propagates it when the developer provides credentials in the terminal or .env files.
On social media, the discussion reflects this ambiguity. A Reddit thread sums it up: “putting production API keys in your local .env file is not security. That’s not a Claude Code problem.”
But the scale of the problem is real. 28 million secrets are not simply “human error.” They are a signal that the coding agent workflow needs better protections by default.
Rafter and the Tool Ecosystem
The YouTube video that originated this research mentions Rafter, a security scanning tool for AI-generated code. Rafter (rafter.so) combines open-source analyzers (Betterleaks, Trivy, Bandit) with a proprietary AI review layer. However, no independent audits verify its effectiveness — confidence in its claims is low until external validation exists.
Other more established tools (Snyk, Semgrep, CodeQL, GitHub Advanced Security) offer similar protection with longer track records of verification.
What to Do
Responsibility is shared. Anthropic published best-practice guides for API keys and patched the vulnerabilities reported by Check Point. But the ultimate solution lies in the developer’s workflow:
- Never put API keys in local files. Use environment variables or secret managers.
- Review every agent suggestion before accepting it. The agent doesn’t know what a secret is.
- Add .npmignore or .gitignore for folders like .claude/ that agents create automatically.
- Use pre-commit hooks with secret detectors (GitGuardian, truffleHog, Gitleaks).
- Treat AI-generated code like third-party code. Scan it before deploying.
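As an added example (not code from GitGuardian, Lakera or Anthropic), this Node.js check combines the ignore-file and secret-detection advice above: it flags .claude/ and .env paths among the files about to be published and reports credential-like assignments inside .claude JSON settings. The { path, content } input shape, the blocked-path list and the sample data are assumptions constructed for illustration.

```javascript
// Added example: audit the files about to be published in a package.
// Env-style assignment whose name suggests a credential, e.g. FOO_API_KEY=abc123
const ASSIGNMENT = /\b([A-Z0-9_]*(?:KEY|TOKEN|SECRET|PASSWORD)[A-Z0-9_]*)=("[^"]+"|'[^']+'|[^\s"')]+)/g;

// Paths that should never ship in a package (assumed list; extend per project).
const BLOCKED_PATHS = [/^(?:package\/)?\.claude\//, /(?:^|\/)\.env(?:\.[\w-]+)?$/];

// Collect every string value in parsed JSON, so no particular schema is assumed.
function collectStrings(node, out = []) {
  if (typeof node === 'string') out.push(node);
  else if (node && typeof node === 'object') Object.values(node).forEach((n) => collectStrings(n, out));
  return out;
}

// Names of credential-like variables assigned a literal value (values are never returned).
function findInlineSecrets(text) {
  let strings;
  try { strings = collectStrings(JSON.parse(text)); } catch { strings = [text]; } // fall back to raw text
  const names = [];
  for (const s of strings) {
    for (const m of s.matchAll(ASSIGNMENT)) {
      const value = m[2].replace(/^["']|["']$/g, '');
      if (!value.startsWith('$')) names.push(m[1]); // skip $VAR references
    }
  }
  return names;
}

// files: [{ path, content }] (hypothetical shape) for everything in the publish tarball.
function auditPackage(files) {
  const findings = [];
  for (const { path, content } of files) {
    if (BLOCKED_PATHS.some((re) => re.test(path))) findings.push({ path, issue: 'blocked path' });
    if (/(?:^|\/)\.claude\/.*\.json$/.test(path)) {
      for (const name of findInlineSecrets(content)) findings.push({ path, issue: `inline credential ${name}` });
    }
  }
  return findings;
}

// Constructed sample input; the key is a placeholder, not a real credential.
const SAMPLE_FILES = [
  { path: 'package/index.js', content: 'module.exports = {};' },
  { path: 'package/.claude/settings.local.json', content: JSON.stringify({ permissions: { allow: [
    'Bash(EXAMPLE_API_KEY=sk-constructed-0000 curl https://api.example.invalid/ping)',
    'Bash(DEPLOY_TOKEN=$DEPLOY_TOKEN npm run deploy)',
    'Bash(npm test)',
  ] } }) },
];

console.log(auditPackage(SAMPLE_FILES));
```

A non-empty result is the signal to stop the publish; the name pattern is a heuristic and complements a dedicated secret detector.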
Coding agents are not going away — and they shouldn’t. But their mass adoption demands that developers update their security practices at the same pace.
Sources: GitGuardian State of Secrets Sprawl 2026 · Check Point Research — Claude Code CVEs · Truffle Security — 12,000 Live Secrets · TechTalks — Claude Code npm leak · Veracode GenAI Report