Adopt
GitGuardian is the market leader in secret detection, covering 500+ secret types across code repositories, CI/CD pipelines, and collaboration tools. Its 2026 State of Secrets Sprawl report found 28.65M new hardcoded secrets on public GitHub in 2025 — with AI-service secrets surging 81% YoY and Claude Code-assisted commits showing a 3.2% secret-leak rate (vs 1.5% baseline).
Why It Matters for AI-Assisted Development
AI coding tools are doubling secret leak rates. GitGuardian is the most comprehensive defense:
- ML-Enhanced Detection: Combines deterministic pattern matching with a lightweight fine-tuned code-LLM (not external APIs) for classification. An ML-powered "FP Remover" cuts 50% of false positives. Scans ~10M documents/day.
- ggmcp Server: An MCP server for scanning and remediating secrets via natural language, detecting 500+ secret types — purpose-built for AI agent workflows.
- NHI Governance: Expanding from secret detection into Non-Human Identity governance, tracking machine identities (82-144 per human in enterprises).
- Public Monitoring: Scans all of public GitHub. Found the Smithery.ai MCP registry vulnerability (path traversal exposing 3,243 apps and thousands of API keys).
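The layered detection described above (deterministic pattern matching first, then a false-positive filter) in miniature, as an added example that is not GitGuardian's code. The key prefixes are publicly documented formats; the filter here is a plain entropy-and-placeholder heuristic standing in for GitGuardian's ML-based "FP Remover", and every token in the sample input is constructed, not a live credential:

```python
import math
import re
import sys
from collections import Counter
from dataclasses import dataclass
from pathlib import Path

# Deterministic detectors, most specific first. The prefixes are the publicly
# documented key formats; every token scanned below is constructed.
PATTERNS = [
    ("aws_access_key_id", re.compile(r"\b(AKIA[0-9A-Z]{16})\b")),
    ("github_pat", re.compile(r"\b(ghp_[A-Za-z0-9]{36})\b")),
    ("generic_assignment", re.compile(
        r"(?:api[_-]?key|secret|token|password)\s*[:=]\s*['\"]?([A-Za-z0-9_\-/+=]{16,})",
        re.IGNORECASE)),
]

# Substrings that mark a value as documentation filler rather than a credential.
PLACEHOLDER_MARKERS = ("example", "xxxx", "changeme", "your_", "placeholder")

# Constructed sample input: two fake credentials and three decoys.
SAMPLE = """\
AWS_ACCESS_KEY_ID=AKIAQ7H2X9PLM4WZ3T8B
api_key = "your_api_key_here_xxxxxxxxxxxxx"
GITHUB_TOKEN=ghp_a1B2c3D4e5F6g7H8i9J0k1L2m3N4o5P6q7R8
password = "aaaaaaaaaaaaaaaaaaaa"
token = "placeholder-token-value-for-docs"
"""


@dataclass
class Finding:
    line_no: int
    detector: str
    value: str
    entropy: float


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; random credentials sit well above 3.0."""
    if not s:
        return 0.0
    counts = Counter(s)
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def looks_like_placeholder(value: str) -> bool:
    lowered = value.lower()
    return any(marker in lowered for marker in PLACEHOLDER_MARKERS)


def redact(value: str, keep: int = 4) -> str:
    """Never echo a candidate secret in full; keep only a short prefix."""
    return value[:keep] + "*" * max(len(value) - keep, 0)


def scan(text: str, min_entropy: float = 3.0) -> list[Finding]:
    findings: list[Finding] = []
    seen: set[tuple[int, str]] = set()
    for line_no, line in enumerate(text.splitlines(), start=1):
        for name, pattern in PATTERNS:
            for match in pattern.finditer(line):
                value = match.group(1)
                if (line_no, value) in seen:
                    continue  # a more specific detector already claimed this value
                seen.add((line_no, value))
                entropy = shannon_entropy(value)
                # False-positive filter: drop filler text and low-entropy values.
                if looks_like_placeholder(value) or entropy < min_entropy:
                    continue
                findings.append(Finding(line_no, name, value, round(entropy, 2)))
    return findings


if __name__ == "__main__":
    # Pre-commit style: scan a file given on the command line, else the sample.
    source = Path(sys.argv[1]).read_text() if len(sys.argv) > 1 else SAMPLE
    results = scan(source)
    for f in results:
        print(f"line {f.line_no}: {f.detector} {redact(f.value)} (entropy {f.entropy})")
    sys.exit(1 if results else 0)
```

Run against the built-in sample it reports the AWS key on line 1 and the GitHub token on line 3 and exits non-zero; the `your_...xxxx` placeholder, the all-`a` password and the `placeholder-...` token are all dropped by the filter, which is the false-positive class the page says the ML layer removes at scale. Findings are printed redacted so the hook output itself never becomes a second leak.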
Strengths
- Broadest detection coverage (500+ secret types)
- ML-enhanced low false positives
- Public monitoring catches leaks even outside your org's repos
- MCP server for AI-native workflows
- Expanding into NHI governance
Limitations
- Enterprise pricing can be steep
- Collaboration tool scanning (Slack, Jira) is an add-on
- Closed-source core platform (though the ggshield CLI is open source)
Pricing
- Free: Up to 25 developers
- Business/Enterprise: Per developer, contact sales (~$18/dev/month estimated)