How to Set Up Automated Secrets Detection in AI-Assisted Pull Requests

AI-assisted commits leak secrets at twice the baseline rate — and most teams discover the problem after the credential is already in version history. GitGuardian's 2026 State of Secrets Sprawl report found 28.65 million new hardcoded secrets added to public GitHub in 2025 — a 34% year-over-year increase. Repositories where AI coding agents are active run at a 6.4% secret-leak rate versus 4.6% across all repos — a 40% premium that arrives the moment your team adopts these tools.

Why AI Coding Agents Multiply Secret Exposure

The mechanism is direct. AI coding agents are trained on public repositories that contain real hardcoded credentials. When an agent generates integration tests, configuration scaffolding, or deployment boilerplate, it reproduces credential patterns from that training data. The developer reviews logic correctness — not credential hygiene — and the PR gets approved.

The problem extends beyond source files. GitGuardian found 24,008 unique secrets in MCP-related configuration files on public GitHub — many introduced because official quickstart documentation models API keys inline in config examples. Developers copy the pattern without recognizing the exposure. AI service credentials — API keys for LLM providers and embedding services — grew 81% year-over-year in 2025.

The exposure window compounds the damage. 64% of credentials identified as active in 2022 remained unrevoked as of January 2026. A secret that reaches version history at merge rarely gets rotated — even when detected months later.

Three Detection Layers That Catch Secrets Before Merge

No single control is sufficient. Defense in depth means catching secrets as early as possible, with each layer acting as a fallback for the one before it.

Layer 1: Pre-commit hooks

Pre-commit hooks run on the developer's machine before a commit is finalized. They provide the lowest-latency feedback in your stack. The pre-commit framework makes setup straightforward: add a .pre-commit-config.yaml to your repository, reference a secrets-detection hook, and every contributor gets automatic scanning on every commit attempt.

For AI-heavy codebases, extend the default ruleset to cover patterns specific to AI-generated output: inline API keys in test fixtures, service account JSON embedded in scaffolding, and database connection strings written into example .env files. Consult GitHub's 2026 secret scanning pattern documentation to identify which secret types are most prevalent and worth adding to your local hook configuration.

Layer 2: CI/CD PR scanning

Pre-commit hooks are bypassable. Any developer can pass --no-verify, and GUI Git clients typically skip hooks entirely. A CI-based scan on every pull request is non-bypassable by individual contributors and runs consistently regardless of local tooling.

Configure the workflow to trigger on pull_request events, scan both the diff and the full branch history, and fail the status check on any detected secret. Pay specific attention to AI agent workspace files — mcp.json, .cursor/mcp.json, and .claude/settings.json are the fastest-growing sources of credential leaks in AI-assisted projects.

Layer 3: Repository-level push protection

Enable secret scanning with push protection at the organization or repository level. This blocks pushes containing known credential patterns before they reach the remote — before CI even runs. Unlike the first two layers, push protection operates at the platform level. Bypassing it requires an explicit override with a logged reason that is visible to security teams, creating an audit trail where none would otherwise exist.

What to Do Now

1. Add a pre-commit hook today. Add ggshield or detect-secrets to .pre-commit-config.yaml and commit the config file so every developer inherits it automatically on next clone or pull.

2. Add a CI step for PR scanning. Create a workflow that triggers on pull_request, runs a secrets scanner against the full branch history, and blocks merge on failure. Treat this as a required status check — not advisory.

3. Enable push protection at the organization level. Turn on secret scanning with push protection in your platform's organization security settings. This catches secrets that slip past local tooling.

4. Add .gitignore rules for AI agent config files. Explicitly ignore .cursor/, .claude/, and local MCP configuration files that may contain API keys set during agent initialization.

5. Set a rotation SLA for any credential already in history. Historical scans routinely surface secrets that have been live for years. Establish a 24-hour SLA for rotating any active credential detected, regardless of when it was introduced.

These five steps close the most common gaps before AI-generated credentials cause a breach. If your team is operating AI coding agents at scale, you also need governance controls at the PR level — automated risk scoring that flags AI-generated changes for human review based on scope, file sensitivity, and security signals. re-entry.ai provides that layer on top of your existing scanner stack.