top of page

9 key takeaways from the State Of Secrets Sprawl 2026: Urgent action for Vietnam's CIO

For Chief Information Officers (CIOs) and CISOs in Vietnam, managing large-scale development teams often involves a high-stakes trade-off between security and speed. Under the pressure of tight deadlines, developers frequently resort to hardcoding API keys, platform authentication tokens, or database passwords directly into source code to ensure systems go live as quickly as possible.

Ignoring this security bottleneck leads to quantifiable financial damage. There have been numerous cases where businesses faced cloud infrastructure bills (AWS, Azure) amounting to billions of VND in just a few days because hackers seized leaked API keys to run unauthorized cryptocurrency mining clusters. Worse yet, an entire customer database can be encrypted by ransomware simply because a snippet containing access credentials was accidentally pushed to a public GitHub repository.


Key areas of action for CIOs in Vietnam
Key areas of action for CIOs in Vietnam

GitGuardian's "The State of Secrets Sprawl 2026" report, recently analyzed by The Hacker News, provides sobering data on the scale of this contagion. Here are the 9 critical takeaways technology leaders must grasp.

The 9 pillars of the State Of Secrets Sprawl 2026 report

1. Record-breaking leak volumes

In 2025 alone, GitGuardian’s scanning systems detected 28.65 million secrets directly embedded and leaked across public repositories. This represents a 34% increase from the previous year, proving that traditional security controls are no longer keeping pace with the velocity of modern code production.

2. Internal repositories carry 6x more risk

Organizations often operate under the false assumption that internal codebases are inherently safe because they sit behind a firewall. The data proves otherwise: Internal repositories are 6 times more likely to contain exposed secrets than public ones. Once an attacker breaches the perimeter, the internal system provides a buffet of valid credentials for deep lateral movement.

3. Leakage speed outpaces workforce growth

The volume of leaked secrets is growing faster than the global population of developers. Since 2021, the rate of secret exposure has increased at 1.6 times the rate of developer expansion. Manual code review processes have become effectively obsolete against this sheer volume of data.

4. AI adoption multiplies security errors

While AI-assisted coding tools boost productivity, the rate of secret leakage in AI-generated code is double the average. 

AI adoption multiplies security errors
AI adoption multiplies security errors

Furthermore, credentials specifically related to AI services themselves surged by 81%, reaching 1.27 million incidents.

5. The dominance of Non-Human Identities (NHI)

Modern networks thrive on machine-to-machine communication. The ratio of Non-Human Identities (service accounts, bots, API tokens) to actual human users in the enterprise is now at 100:1. The lack of monitoring for this identity group remains a massive blind spot in privilege governance.

6. Sprawl beyond the repository

Risk is not confined to Git. Roughly 28% of credential exposures originate from internal collaboration tools like Slack, Jira, and Confluence, or are stored as plaintext files on employee workstations.

7. 97% of organizations faced an identity incident

The report notes that 97% of organizations encountered at least one identity-related incident in the past year, with 70% of those stemming from AI-integrated projects and activities.

8. Remediation stagnation

Disturbingly, data shows that 64% of valid secrets leaked as far back as 2022 have yet to be revoked and remain functional in early 2026. Developers often delete the offending line in the current version, but the version control history (commit logs) keeps the credential alive and retrievable.

9. The mandate: Move from "Scanning" to "Full Management"

To combat the scale of Secret Sprawl, reactive scanning tools are merely a band-aid. Organizations require a comprehensive Secrets Lifecycle Management mechanism that includes periodic automated rotation and instant revocation upon the detection of anomalous access behavior.

The solution: Transitioning to automated DevSecOps

Understanding these 9 points is the first step in risk identification. However, to handle millions of existing lines of code and the daily influx of new commits, CIOs cannot rely on policy memos or asking developers to "be more careful."

Transitioning to automated DevSecOps
Transitioning to automated DevSecOps

Organizations must implement Shift-left Security by establishing a mature DevSecOps workflow. Rather than struggling to build this from scratch, many enterprises in Vietnam are partnering with specialized security consultants like IPSIP Vietnam to audit their infrastructure and integrate secret management solutions directly into the CI/CD pipeline.

Establishing this security architecture brings clear measurable benefits:

  • Operational visibility: Gain 100% visibility of every credential across the entire infrastructure—from code repos and CI/CD systems to chat tools. Release speed increases as the system automatically blocks "dirty" commits at the developer's machine without disrupting the broader workflow.

  • Risk and cost reduction: Eliminate up to 90% of supply chain attack risks by sanitizing source code early. IT and security teams save hundreds of hours of manual code review monthly. Most importantly, organizations prevent multi-billion VND cloud overages and avoid the legal nightmare of a customer data breach.

Frequently Asked Questions (FAQ)

What direct financial damages does Secret Sprawl cause?

The largest immediate costs usually stem from hackers hijacking cloud API keys (AWS, Google Cloud, Azure) to run crypto-mining operations, causing corporate bills to skyrocket within days. Additionally, there are costs associated with system downtime for forensics and legal compensation if user data is exfiltrated.

Why doesn't deleting the API key from the code in Git solve the leak?

Git is a version control system that stores every historical change. Deleting a line in the latest version only hides it from the "current" view; the original secret remains fully intact in the commit history. Anyone with access to the repo can easily roll back or inspect previous commits to retrieve it.

What is the standard procedure when a credential leak is discovered?

The priority is Rotate and Revoke. First, access the original service provider’s dashboard (e.g., AWS Console, partner API portal) to revoke the old key and generate a new one. Once the old key is rendered useless, only then should you proceed to clean up the source code and Git history.

-----

References:

  • The State of Secrets Sprawl 2026: 9 Takeaways for CISOs - The Hacker News / Ground News

  • Annual Report: The State of Secrets Sprawl 2026 - GitGuardian

Comments


follow ipsip vietnam.png
40051abd5a76713af8f015988fc6780e-blue-phone-icon-with-a-wave-on-it.webp
whatsapp-mobile-software-icon-png-image_6315991.png
pngtree-minimal-calendar-icon-vector-png-image_21233134.png
IPSIP logo transparent.png

IPSIP VIETNAM ONE MEMBER LIMITED LIABILITY COMPANY (IPSIP VIETNAM OMLLC)

Tax code: 0313859600

🏢 SH05.01, B4 Street, Saritown Area, An Khanh Ward, Ho Chi Minh City, Vietnam

​☎  +84 918 397 489

  • Linkedin
  • Facebook
  • TikTok
  • Email liên hệ
png-clipart-iso-iec-27001-information-security-management-iso-iec-27002-international-orga
soc 2 type ii

Our Services

Sign up to receive in-depth cybersecurity documents and news from IPSIP Vietnam.

bottom of page