Book a Call
HighVibe CodeUpdated March 8, 2026

GitHub Copilot Autocomplete Leaks Hardcoded AWS Credentials Into Public Repos

AI coding assistants are trained to complete patterns — and when a developer types a variable named 'API_KEY', the model helpfully fills in a real-looking secret. Thousands of those completions are ending up committed and pushed to public repositories.

Original Story: AI coding assistants are causing developers to leak secrets into public repos
secret-exposureinsecure-coding-practicesGitHub CopilotAWSNode.js

What Happened

In early 2024, security researchers at GitGuardian published findings showing a measurable spike in hardcoded secrets being committed to public GitHub repositories — correlated with the widespread adoption of AI coding assistants like GitHub Copilot and Cursor. Across millions of public commits scanned, tokens matching AWS access key patterns, Stripe secret keys, and database connection strings appeared in freshly generated code files at a higher rate than in the pre-AI baseline.

The mechanism is straightforward: AI autocomplete models are pattern-completing engines. When a developer starts typing const DB_PASSWORD = ", the model predicts what comes next based on patterns in its training data — and produces something that looks real. Many developers, especially those building fast with vibe coding tools, accept completions without carefully reviewing every character. The secret gets committed, pushed, and indexed by GitHub's search within minutes.

The impact ranged from individual AWS accounts racking up thousands of dollars in fraudulent compute charges (common with crypto mining bots that scan for exposed keys within seconds of a push) to Stripe payment keys being used to initiate fraudulent refunds. Several small dev shops reported waking up to suspended cloud accounts and zero-dollar bank balances.

This problem disproportionately hits small teams and solo developers who rely heavily on AI tooling to move fast — the exact demographic that builds on vibe coding platforms like Lovable, Bolt, and Replit.

The Security Flaw

This is a secret exposure vulnerability — specifically, the practice of embedding credentials directly in source code (hardcoding) rather than loading them from environment variables or a secrets manager at runtime. It's been a known anti-pattern for decades, but AI tools introduce a new acceleration vector.

The root cause has two layers. First, developers treat AI completions as trusted output rather than as suggested code requiring the same scrutiny as code written by an unknown junior developer. Second, most AI coding environments (IDE extensions, web-based editors) don't have built-in pre-commit secret scanning — the tooling assumes the human will catch it.

This flaw is dangerous for several reasons. Secrets committed to a public repo are immediately available to anyone — including automated bots that scan GitHub continuously for patterns matching known credential formats. Even if you delete the file in the next commit, the secret lives forever in git history unless you perform a full history rewrite. And even in private repos, secrets in code represent a ticking clock: if the repo ever becomes public, gets forked to the wrong place, or is accessed by a compromised contributor account, those credentials are exposed with no warning.

The combination of AI speed (generating 50 lines in 3 seconds) and human review fatigue (hard to carefully read 50 auto-generated lines) makes this one of the highest-velocity vulnerability classes in modern software teams.

Our Recommendation

Before you commit:

  • Install a pre-commit secret scanner. Gitleaks and detect-secrets are free, open source, and integrate with Husky (which you likely already have). A blocked commit takes 2 seconds to fix; a leaked AWS key can take days.
  • Never accept an AI completion that includes a string that looks like a token, password, or key. If Copilot fills in AKIA... — that's a signal to stop and check, not to tab-complete.

Secrets management:

  • Load all credentials from environment variables. Use .env.local locally; use your platform's secrets manager (AWS Secrets Manager, Vercel Environment Variables, Doppler) in production.
  • Add .env* to your .gitignore before your first commit — not after.
  • Rotate any key that has ever existed in a git commit, even briefly, even in a private repo.

If it already happened:

  • Revoke the credential immediately — before you rewrite history, before you open a ticket. Speed matters; bots are faster than humans.
  • Use git filter-repo (not git filter-branch) to remove the secret from history, then force-push and notify all collaborators to re-clone.
  • Enable GitHub Secret Scanning on your organization — it will alert you if a known-format secret appears in any future push.

For teams using vibe coding tools:

  • Treat every AI-generated file as untrusted input. Read it before you commit it.
  • Set up branch protection rules requiring at least one human review before merge to main.
  • Consider a repository-level .gitleaks.toml config that runs in CI on every pull request.

Expert Resources