THREAT SEVERITY: HIGH

Secrets Leakage Remains a Blind Spot: Unseen Threats in Plain Sight

Moon Treader | June 17, 2025

Introduction: The Overlooked Threat in Cybersecurity

The misuse of credentials and secrets has become a silent yet powerful menace in today’s increasingly connected digital world. According to the 2025 Verizon Data Breach Investigations Report (DBIR), secrets leakage remains a major and enduring blind spot in organizational security. Negligent handling of access tokens, API keys, and other secrets continues to put organizations at risk, even as awareness grows and other areas of cybersecurity advance.

Widespread Secrets Leakage in Public Repositories

Researchers found hundreds of thousands of leaked secrets in public code repositories. These included database connection strings, cloud infrastructure access keys, development and CI/CD credentials, and web application infrastructure secrets. GitLab tokens were especially prevalent, making up half of all development and CI/CD secrets discovered in these exposures.

Web application infrastructure secrets accounted for the largest share of disclosures, at 39%. JSON Web Tokens (JWTs), which are commonly used for session management and authentication, made up 66% of this group. Google Cloud API keys accounted for 43% of cloud infrastructure secrets, highlighting how common and how risky insecure cloud setups are.

Top categories of exposed secrets in public git repos

(Source: Verizon)

Secrets Leakage Timeline: 94 Days to Close the Gap

The median remediation time for exposed secrets is 94 days, the most concerning number in the DBIR. This means that critical credentials that could have granted access to enterprise environments were publicly available for more than three months. Such delays give threat actors ample time to find and exploit these secrets before detection or mitigation takes place (Verizon, 2025).

Given that secrets found in repositories can grant high levels of access, the long response time is very risky. Tokens and API keys let attackers enter systems directly and quietly, often bypassing conventional username/password controls.

Distribution of days to remediate leaked secrets in git repositories

(Source: Verizon)
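As an added example (not from the original post and not Vehere's product code), the following Python scanner looks for the secret categories the DBIR ranks highest (GitLab tokens, Google Cloud API keys, JWTs and database connection strings) in committed text, redacts whatever it finds so the report itself does not re-leak the value, and flags any exposure already older than the 94-day median remediation time. The detection patterns and the sample .env content are constructed for illustration and are not an authoritative ruleset.

```python
import re
from datetime import date

# DBIR 2025 median time to remediate a leaked secret (days), as quoted on this page.
MEDIAN_REMEDIATION_DAYS = 94

# Illustrative detection patterns for the categories the DBIR ranks highest.
# Constructed for this example; use a maintained ruleset in production.
PATTERNS = {
    "gitlab_token": re.compile(r"\bglpat-[A-Za-z0-9_-]{20,}\b"),       # GitLab PAT prefix
    "google_api_key": re.compile(r"\bAIza[0-9A-Za-z_-]{35}\b"),         # Google API key prefix
    "jwt": re.compile(r"\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*\b"),  # base64 of '{"'
    "db_connection_string": re.compile(
        r"\b(?:postgres(?:ql)?|mysql|mongodb)://[^\s'\"]+:[^\s'\"]+@[^\s'\"]+"),
}

# Constructed sample of a .env file committed by mistake (every value is fake).
SAMPLE_CONFIG = """
GITLAB_TOKEN=glpat-abcdefghijklmnopqrst
GOOGLE_API_KEY=AIzaSyAbCdEfGhIjKlMnOpQrStUvWxYz0123456
DATABASE_URL=postgres://app:s3cret@db.internal:5432/prod
SESSION=eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjMifQ.abc123
"""


def redact(secret: str) -> str:
    """Keep a short prefix for triage so the finding itself does not re-leak the value."""
    return secret[:8] + "...****"


def scan_text(text: str, first_seen: str, today: str) -> list:
    """One finding per matched secret; first_seen/today are ISO dates (e.g. commit date)."""
    age = (date.fromisoformat(today) - date.fromisoformat(first_seen)).days
    findings = []
    for category, pattern in PATTERNS.items():
        for match in pattern.finditer(text):
            findings.append({
                "category": category,
                "redacted": redact(match.group(0)),
                "age_days": age,
                "beyond_median": age > MEDIAN_REMEDIATION_DAYS,
            })
    return findings


def overdue(findings: list) -> list:
    """Findings that have already outlived the DBIR median remediation window."""
    return [f for f in findings if f["beyond_median"]]
```

Running `scan_text(SAMPLE_CONFIG, "2025-01-01", "2025-06-17")` on the constructed sample yields four findings, all 167 days old and therefore all overdue.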

The Third-Party and Shadow IT Risk

Secrets Leakage and Ransomware: An Alarming Correlation

The leakage of secrets is not merely a hypothetical concern. According to the DBIR, ransomware incidents and exposed secrets are strongly correlated. By comparing dark web marketplace listings and infostealer logs with known ransomware victim domains, Verizon found that 54% of firms hit by ransomware had their domain appear in credential dumps. In 40% of those cases, corporate email addresses were among the exposed data (Verizon, 2025).

This link implies that access brokers, criminals who sell or lease stolen credentials to ransomware groups, are taking advantage of exposed information. Once inside, attackers have free rein to disable security controls, encrypt data, or steal confidential information.

Distribution of difference in days between ransomware posting and infostealer log discovery

(Source: Verizon)

How Vehere Detects and Responds to Secrets Leakage in Real-Time

  1. Detecting Anomalous Network Behaviour from Leaked Credentials
    Vehere’s NDR uses behavioural analytics and AI/ML models to detect abnormal system behaviour, including activity that results from leaked credentials. It detects and contains post-breach activity such as ransomware, Advanced Persistent Threats (APTs), insider threats, and lateral movement.
  2. Threat Intelligence Integration for Known Compromised Credentials
    Vehere’s solution consumes millions of Indicators of Compromise (IOCs) and Indicators of Attack (IOAs), integrating threat intelligence feeds to pre-emptively block known compromised credentials and other threats.
  3. Monitoring for Unauthorized API Access
    Vehere’s AI Network Security surfaces lateral movement patterns characteristic of AI-driven APTs targeting API gateways. By analysing behavioural anomalies in encrypted and unencrypted traffic, it detects attackers exploiting API access to pivot across systems.
  4. Real-Time Lateral Movement and Privilege Escalation Detection
    Vehere’s NDR detects lateral movement and the entire attack lifecycle in real time. It provides full context and one-click investigation workflows for every detection, using AI to immediately terminate malicious connections and contain network threats.
  5. Forensics and Incident Response
    Vehere’s NDR offers advanced network forensics capabilities, supporting security incident response and investigation of the source of an incident. It analyses and reconstructs attack timelines, providing evidence for legal proceedings.
  6. Securing Third-Party Access
    While specific details on securing third-party access are not explicitly mentioned, Vehere’s NDR provides comprehensive network visibility and advanced threat detection, which can be instrumental in monitoring and securing third-party access points within the network.

In summary, Vehere’s NDR solution comprehensively addresses the detection, response, and forensics needs associated with anomalous network behaviour, credential-based threats, API security, lateral movement, privilege escalation, and incident response.

Conclusion: Bring Secrets into the Security Spotlight

Leakage of secrets is no longer a niche problem. It is a systemic risk that affects every industry and businesses of all sizes. As the 2025 DBIR shows, these seemingly minor mistakes can have far-reaching effects, ranging from financial theft and espionage to ransomware attacks.

Organizations that want to stay ahead of their adversaries must change their approach and make secrets management a top cybersecurity priority. The moment to act is now, whether through better training, better tooling, or stricter policy enforcement. In the digital era, the smallest leak can sink the biggest ship.

Do not let exposed secrets compromise your network. See how Vehere’s NDR detects and contains credential-based threats: book your live demo today.