We’ve all done this, and more. We create accounts everywhere: OTT platforms, banks, NBFCs, gaming apps, e-commerce, quick commerce, telecom and social media. Then we forget about them. Worse, we reuse the same passwords across platforms. In security terms, this expands the attack surface and hands attackers easy openings: one leaked password unlocks every account that shares it.
The same problem exists inside enterprises. It’s often called “secret sprawl.” Credentials, passwords, API keys, tokens—they spread quietly across codebases, documents, and tools.
The problem begins small. A developer hard-codes a key into source code to meet a deadline. The code is pushed to a repository, copied into logs, shared over email, pasted into tickets, or fed into AI coding tools for debugging. Each step creates a new, unmanaged copy. Once the key is in a repository, deleting the line does not remove it: the value survives in commit history and in every clone and fork. Over time, the secret travels across teams, tools and platforms without oversight.
This is what makes secret sprawl dangerous. The attack surface expands quietly. Even when a key is rotated, stale copies of the old value linger in logs, tickets and forks, and if the old key was only replaced rather than revoked, those copies still work. According to industry estimates, exposed secrets are now among the leading causes of cloud breaches, API abuse and supply-chain attacks.
The rise of generative AI has accelerated the risk. Employees routinely paste production code, and sometimes live credentials, into chatbots, pushing secrets beyond the enterprise security perimeter. The issue is now big enough that CISO, cyber security and IT policies take note (see infographic).
Source: GitGuardian, GitLab, media reports, NIST
AI plays a dual role in managing secret sprawl. It is both a powerful tool for detection and, paradoxically, a contributor to the problem itself. On the defensive side, AI can help with real-time monitoring at scale, expanding a team's ability to detect and act; with real-time, risk-based assessments that trigger alerts or defensive action much faster than before; and with automated key rotation at scale, which shortens the window in which a leaked key is still usable.
AI can also be the problem. It can suggest insecure patterns, such as hard-coding a key in a generated snippet, or detection rules that miss real secrets. It may even emit key material in generated code, compounding the very problem it was brought in to solve.
Clearly AI is not a one-stop solution. It still needs human judgement and final control.
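Whether a human, a script or an AI agent does the work, the detection side above comes down to running pattern and entropy rules over every place text flows (code, logs, tickets, chat pastes) and then noticing when the same value turns up in several of them, which is the sprawl described earlier. The scanner below is an added example, not code from the original post or from any of the vendors cited above. The sample sources are constructed for the example: the AWS values are the well-known documentation example keys and the GitHub-style token is made up, so nothing here is a live credential. Findings are keyed by a truncated SHA-256 fingerprint of the secret so the report itself does not become one more copy of it.

```python
import hashlib
import math
import re
from collections import Counter, defaultdict, namedtuple

# Constructed sample "places" a secret travels to: source code, a log line, a ticket
# and a chat paste. The AWS values are the AWS documentation example keys and the
# GitHub-style token is made up; none of them is a live credential.
SAMPLES = {
    "app/config.py": (
        'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"\n'
        'AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"\n'
    ),
    "logs/app.log": (
        "2024-05-01T10:00:00Z DEBUG boto client init key=AKIAIOSFODNN7EXAMPLE region=us-east-1\n"
    ),
    "tickets/OPS-42.txt": (
        "Repro: run the job with token ghp_1234567890abcdefghijklmnopqrstuvwxyz and see it fail\n"
    ),
    "chat/paste.txt": "can you help debug this? url=https://example.com/health\n",
}

# Detection rules: (name, regex, capture group holding the secret, minimum entropy).
# The first two are fixed-format tokens; the third catches anything assigned to a
# secret-looking variable that also has the entropy of random key material.
RULES = [
    ("aws-access-key-id", re.compile(r"\bAKIA[0-9A-Z]{16}\b"), 0, 0.0),
    ("github-pat", re.compile(r"\bghp_[A-Za-z0-9]{36}\b"), 0, 0.0),
    (
        "generic-high-entropy",
        re.compile(r"(?i)(?:secret|token|password|passwd|key)\s*[:=]\s*[\"']?([A-Za-z0-9/+=_\-]{20,})"),
        1,
        3.5,
    ),
]

Finding = namedtuple("Finding", "location line rule fingerprint")


def shannon_entropy(value):
    """Bits of entropy per character; random key material scores well above ordinary words."""
    if not value:
        return 0.0
    counts = Counter(value)
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def fingerprint(value):
    """Stable identifier for a secret that does not itself reveal the secret in reports."""
    return hashlib.sha256(value.encode()).hexdigest()[:12]


def scan(sources):
    """Run every rule over every line of every source; one finding per distinct value per line."""
    findings = []
    for location, text in sources.items():
        for line_no, line in enumerate(text.splitlines(), 1):
            seen = set()  # a value hit by a specific rule is not reported again by the generic one
            for name, regex, group, min_entropy in RULES:
                for match in regex.finditer(line):
                    value = match.group(group)
                    if value in seen or shannon_entropy(value) < min_entropy:
                        continue
                    seen.add(value)
                    findings.append(Finding(location, line_no, name, fingerprint(value)))
    return findings


def sprawl_report(findings):
    """Group findings by fingerprint so one secret seen in several places shows up as one spread."""
    report = defaultdict(list)
    for f in findings:
        report[f.fingerprint].append(f"{f.location}:{f.line}")
    return dict(report)


if __name__ == "__main__":
    found = scan(SAMPLES)
    for f in found:
        print(f"{f.location}:{f.line}  {f.rule}  fp={f.fingerprint}")
    for fp, places in sprawl_report(found).items():
        if len(places) > 1:
            print(f"secret {fp} has sprawled to {len(places)} locations: {', '.join(places)}")
```

On these samples the access key ID is reported twice, once in the config file and once in the debug log, which is exactly the kind of stale copy that survives a rotation if nobody scans the log store. The caveats a practitioner will recognise: the entropy rule only sees values assigned to secret-looking names and at least 20 characters long, so a short or dictionary-word password slips past it, and any value flagged still needs a human to decide whether it is live, revoked or a test fixture before a rotation is triggered.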