📄 中文摘要
2024年,公共GitHub上泄露了2380万个新秘密,同比增长25%。其中70%的秘密在两年后仍然活跃。GitGuardian的研究显示,使用GitHub Copilot的代码库,其秘密泄露率比基线高出40%。在一项受控测试中,Copilot平均每个提示生成3.0个有效秘密。AI代理虽然能快速编写代码,但却无法理解秘密的含义及其重要性,导致在发布时可能带来安全隐患。针对这一问题,提供了实际的防御措施。
AI代理不理解秘密。这是你的问题。
出处: AI Agents Don't Understand Secrets. That's Your Problem.
发布: 2026年3月1日
📄 English Summary
AI Agents Don't Understand Secrets. That's Your Problem.
In 2024, 23.8 million new secrets were leaked on public GitHub, marking a 25% year-over-year increase, with 70% of these secrets still active two years later. Research by GitGuardian revealed that repositories using GitHub Copilot have a 40% higher secret leak rate compared to the baseline. In a controlled test, Copilot generated an average of 3.0 valid secrets per prompt across 8,127 code suggestions. While AI agents can write code quickly, they lack an understanding of what a secret is, why it matters, and the potential consequences when such secrets are shipped. Practical defenses against these issues are discussed.