GitHub has introduced major updates to its Advanced Security platform after detecting over 39 million exposed secrets during 2025. These included API keys, credentials, and tokens—critical elements that, if exposed, pose serious cybersecurity risks to developers and organizations.
According to GitHub’s new report, its built-in secret scanning tool detected the leaked data. This tool scans for sensitive information like passwords and tokens across public and private repositories.
“Secret leaks remain a major, yet preventable, cybersecurity threat,” GitHub stated in its recent announcement.
Despite existing features like Push Protection, which blocks known secrets before commits, leaks continue to occur. This feature became active by default in all public repositories in February 2025. Yet developers still expose secrets, often prioritizing speed and ease over security. Git history and accidental commits also contribute to the ongoing issue.
GitHub Introduces New Standalone Security Features
To improve protection and reduce risks, GitHub rolled out several significant updates to its security platform.
“Our tools are now available as standalone products. This allows more teams to access advanced security without high costs,” GitHub explained.
Previously, secret scanning and other tools required a full GitHub Advanced Security license, which limited access for smaller teams. These changes remove that barrier, offering scalable options.
Key Updates to GitHub Advanced Security:
- Standalone Code and Secret Security: Teams can now access these tools separately without buying the full suite.
- Free Secret Risk Assessments: GitHub will provide free scans for all organization repositories, including private and archived ones.
- Improved Push Protection: New settings allow teams to define who can bypass secret scanning, giving them more control over exceptions.
- AI-Driven Secret Detection: GitHub Copilot now powers secret detection, making it easier to catch unstructured secrets like passwords.
- Stronger Cloud Integration: GitHub collaborates with AWS, Google Cloud, and OpenAI to improve leak detection speed and accuracy.
Recommendations for Developers and Organizations
GitHub is also urging developers and teams to take proactive steps against secret leaks. Enabling Push Protection at all repository levels can block secrets before they’re added to the codebase.
Avoid hardcoding sensitive data in the source code. Instead, use environment variables, secret managers, or vault solutions. This helps limit exposure even during a breach.
Additionally, integrate secret management tools within your CI/CD pipelines. These automate handling and reduce manual errors, minimizing the chances of accidental leaks.
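As an added illustration of the recommendations above (not GitHub's scanner or code from its report), the following sketch shows the kind of check a CI step can run on the lines a diff adds: pattern rules for structured tokens, plus a name-and-entropy heuristic for unstructured passwords. The function names, entropy threshold, placeholder list and sample diff are assumptions constructed for this example; the `ghp_` and `AKIA` formats are the publicly documented ones.

```python
import math
import re

# Structured secrets: publicly documented token formats (prefix + fixed length).
STRUCTURED = {
    "github_pat_classic": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
}
# Unstructured secrets: a quoted literal assigned to a secret-looking name.
ASSIGNMENT = re.compile(
    r"""(?i)\b([\w.]*(?:password|passwd|secret|token|api_?key)\w*)\s*[:=]\s*(['"])(.+?)\2"""
)
PLACEHOLDERS = {"changeme", "example", "placeholder"}  # assumed allow-list

def shannon_entropy(value):
    """Bits per character; random-looking strings score higher than words."""
    counts = {c: value.count(c) for c in set(value)}
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts.values())

def scan_added_lines(diff_text, min_entropy=3.0):
    """Return (line_no, rule) findings for the lines a unified diff adds."""
    findings = []
    for line_no, line in enumerate(diff_text.splitlines(), start=1):
        if not line.startswith("+") or line.startswith("+++"):
            continue  # only content being introduced matters for a push check
        added = line[1:]
        hits = [name for name, rx in STRUCTURED.items() if rx.search(added)]
        m = None if hits else ASSIGNMENT.search(added)
        literal = m.group(3) if m else ""
        if (len(literal) >= 8 and literal.lower() not in PLACEHOLDERS
                and shannon_entropy(literal) >= min_entropy):
            hits.append("hardcoded_assignment")
        findings.extend((line_no, name) for name in hits)
    return findings

# Constructed sample diff; FAKE_PAT is a made-up value shaped like a token.
FAKE_PAT = "ghp_" + "A1b2C3d4E5f6" * 3
SAMPLE_DIFF = f"""\
--- a/settings.py
+++ b/settings.py
@@ -1 +1,5 @@
 import os
+DB_PASSWORD = "s3cr3t-Pa55w0rd!x9"
+API_TOKEN = os.environ["API_TOKEN"]
+GH_TOKEN = "{FAKE_PAT}"
+ADMIN_PASSWORD = "changeme"
"""

if __name__ == "__main__":
    print(scan_added_lines(SAMPLE_DIFF))
```

The line that reads the token from the environment produces no finding, while the hardcoded password and the token-shaped literal are both flagged before they reach the repository history.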