If you're using AI to write code, you're probably shipping secrets too. It's more common than you'd think.

It takes minutes for bots to start using your AWS account to mine crypto. Many startups have been greatly affected by this, some even needing to close.

Over 28 million secrets like API keys found in GitHub repositories in 2025, 34% more than in 2024. And even if you're doing everything right to store them, they can still end up in places where end-users can find them.

It's probably a good idea to scan your code for secrets before going live. You can do so for free locally with Trestle.