When Matt Schlicht built Moltbook, a social network where AI agents talk to each other, he didn’t write the code himself. “He just had an idea,” and he wrote it with a vibe. The social network was launched on Jan. 28, 2026, and within days, security researchers began to notice major security flaws.
Experts from cloud security company Wiz and, independently, researcher Jameson O’Reilly, discovered that Moltbook’s back-end database, hosted on Supabase, was improperly configured. As a result, it provided broad read and write access to field data.
“The exposure includes 1.5 million API authentication tokens, 35,000 email addresses, and private messages between agents,” Wiz researchers noted in a blogpost.
In normal software development, a secret leak usually comes from a bug. Often, a developer hard-codes a key, copies the wrong configuration file, or pushes internal code to a public repository. With AI-assisted coding, those errors can happen quickly and often go unnoticed, because speed and performance are prioritized over security.
Given the rise in popularity of vibe code, the problem is accelerating. “The speed at which we are building and the small amount of code would have been unimaginable even a few years ago,” said Dwayne McDaniel, principal developer advocate at GitGuardian.
By 2025, public codes will increase by more than 40% compared to the previous year, and secrets will increase just as quickly. Security firm GitGuardian reported a 34% increase in leaked secrets on GitHub last year – the largest spike in history – bringing the total to nearly 29 million leaked details.
“12 of the top 15 fastest growing revenue streams were AI services,” McDaniel said. More than 1.27 million AI-related secrets were disclosed by 2025, marking an 81% year-over-year increase, the fastest growth recorded in any single category.
McDaniel covers these certifications in several broad areas: the LLM platforms themselves, the support and tuning system, the AI control plane, Model Context Protocol (MCP) servers, and coding assistants.
“I worry a lot about the volume of code that AI generates and the speed at which developers review it,” said Christine Bejerasco, CISO of WithSecure. “That can lead to more vulnerable code, especially since AI models at the forefront are now able to identify vulnerabilities at scale.”
Leaks of secrets require an immediate response
Most organizations know deep down that they have a problem with AI-generated code. However, some do not see the seriousness of the situation, how many secrets are revealed in all their systems.
If a leaked secret is discovered, the matter should be treated as a security incident. “We’re opening our incident response process immediately,” said WithSecure’s Bejerasco.
The secret is revoked or closed, and a new one is generated. “From there, the incident response team works with R&D to investigate the impact on all systems and data. That’s followed by cleanup, then hardening,” he said. “Although events are often coordinated by the CISO’s office, the R&D team is the real owner of the decommissioning and cleanup.”
The organization conducts postmortems and implements any necessary revisions to programs or policies based on the findings.
Although adjustment is important, the process is far from straightforward. According to GitGuardian, 64% of active secrets identified in 2022 remain unrevoked by 2026, largely because many organizations lack the governance and repeatable processes needed to clean them up at scale.
“We think this is not a physical problem and a combination of priorities, tools, and ownership,” said GitGuardian’s McDaniel.
Adoption is the easy part, says Rohan Gupta, vice president of cloud, security, and DevOps at R Systems. “Correction is where discipline is tested.”
Dealing with a wider issue
As AI-assisted coding proliferates, security leaders must rethink how they manage risk. That means looking beyond the stacks and discovering the software development life cycle (SDLC), including the collaboration tools where evidence often emerges.
“We focus on both, but the risk profile is very different – what’s identified in Jira or Slack is very different from what you’ll find in your code repository,” said David MacKinnon, chief security officer at N-able. “A mature SDLC – which includes things like efficient validation, segregation of duties, source code scanning, segregated dev, staging/production environments, and more – helps reduce business risk.”
At WithSecure, Bejerasco says secrets and agent access are kept “as temporary as possible” to reduce risk. And there is a Lifecycle Security Policy in place that mandates code reviews. “This policy is the developer’s security bible,” he says. “It includes privacy impact assessments, threat modeling, security testing, and code reviews.”
Gupta’s IR Systems agrees, advising organizations to exchange information, retract exposed versions, scan for unauthorized use with any disclosure window, and remove from history wherever possible. “For long-tail legacy service accounts, third-party integrations, embedded vendor data rotation is still a manual joint effort, and we’re slowly moving more of it to automation,” he said.
An important step in fixing a problem is knowing that it exists. “If an organization doesn’t know how many secrets it’s exposing in its code base, or the level of access to those secrets, it has a huge amount of business risk it doesn’t know about,” said N-able CSO MacKinnon.
He advises CISOs to be aware of the scale of the problem. And he suggests stronger developer training, better tools to detect and manage risks, and solutions that enable both human development and AI to work safely. The most important thing, he says, is to embed these practices into everyday workflows so that security is part of the way code is written, not something added after the fact.
.
His organization examines the secrets if the code is committed to prevent any commitment that could endanger the products. “The creator of that code, whether human or AI, is held to the same level of security maturity,” MacKinnon said.
Bejerasco agrees. “We have to be willing to give ownership early and continue to validate it, and weed out anything that falls through the cracks,” he said. Besides, these unmanaged secrets and secrets will be collected faster than we can control them.
Advice for CISOs
If there’s one clear lesson from the rise of AI-driven development, it’s this: The biggest mistake CISOs can make is treating the proliferation of secrets as a scanning problem. “It’s really a problem of ownership and ownership of machines at scale,” McDaniel said.
The Guptas moved forward. “Leaked privacy is a symptom of the Ungoverned non-human identity (NHI) problem,” he said. “Treat it as discovery and reaction, and you’ll be chasing rewards forever. Treat it like identity management – list all NHI, assign identities, use temporary credentials, choose workload identification over static keys, automate swapping, stop hard work – and the problem starts to shrink instead of grow.”
And while public leaks draw attention, the disclosure of many secrets builds privately — in internal repositories, build systems, and developer workflows — where ownership is unclear and fixes are often delayed.
“Private companies tend to make the mistake of saying they are safe, and that means they have fewer eyes,” said Gupta. “In private spaces, people are lax. Just because they feel unconscious, the guard can be let down. All it takes is one supply chain issue or someone walking out an unauthorized door.”
The real danger lies in the rate at which NHIs are being built faster than organizations can keep up with them. “The smartest CISOs right now are pushing their DevOps and dev teams to adopt better authorization management methods than long-lived, bad-ass API keys,” he said.
For WithSecure’s Bejerasco, security issues related to AI-generated code are urgent. “The appetite for AI adoption among organizational leaders is high right now, and we need to manage that risk even though the power and control is not yet fully mature,” he said.
However, despite the urgency, the industry is still figuring out how to respond. “I don’t think anyone has the right answers yet; we’re all building governance as we go,” Bejerasco said. As AI agents become more widespread, traditional methods may not keep up, and organizations may need to use AI to help manage AI, he adds.
MacKinnon believes that CISOs should not be alone in this. They should get CEOs and CTOs on board and explain to them that “the risks are real and pervasive.”
“There’s no perfect time to deal with it, but investing in proactively mitigating that risk is much easier and cheaper than learning about it after it’s used to put your company at risk,” MacKinnon said.
