Persistent Problem: Exposed Corporate Secrets Remain Valid for Years

A new study from GitGuardian's State of Secrets Sprawl 2025 report reveals that the majority of corporate secrets exposed in public repositories remain valid for years after detection. This worrying trend creates an increasing attack surface. Detecting leaked credentials is only half the challenge; the real problem lies in what happens after detection. Exposed credentials often remain unremediated, thereby increasing security risks.