If you're using AI to write code, you're probably shipping secrets too. It's more common than you'd think.
It takes minutes for bots to start using your AWS account to mine crypto. Many startups have been greatly affected by this, some even needing to close.
Over 28 million secrets like API keys found in GitHub repositories in 2025, 34% more than in 2024. And even if you're doing everything right to store them, they can still end up in places where end-users can find them.
It's probably a good idea to scan your code for secrets before going live. You can do so for free locally with Trestle.
Nice post! I liked how you naturally pitched your product at the end.
By the way, I'm building an AI tools directory called FutureStack. I think Trestle would fit well under our Developer Tools category. Feel free to submit it if you're interested!