Massive GitLab Leak: 17,430 Secrets Exposed Across 2,804 Domains, Security Risks Surge
November 28, 2025
For disclosure, the researcher automated notification and outreach to affected parties, generating the emails with Claude Sonnet 3.7 and a Python script; some organizations revoked their secrets, while others remained exposed.
A security researcher scanned 5.6 million public GitLab Cloud repositories and found 17,430 verified live secrets across 2,804 unique domains, with a higher secret density than a prior Bitbucket scan.
Most of the leaked secrets date from 2018 or later, but some committed as far back as 2009 were still valid when discovered, showing that exposure can persist for many years.
The overall takeaway is that automated, large-scale secret discovery across public code repositories reveals substantial exposure risk and underscores the need for proactive secret management and disclosure responses.
GCP credentials were the largest category of leaked credentials, with over 5,200 instances, followed by MongoDB keys, Telegram bot tokens, and OpenAI keys; more than 400 GitLab keys were also found.
The research yielded around $9,000 in bug bounties, and several organizations revoked secrets, though exposure persisted for some domains.
The article references related scans on Bitbucket Cloud (6,212 secrets in 2.6 million repos) and the Common Crawl dataset (about 12,000 secrets in AI training data), providing context on the scale of exposure across platforms.
Total estimated cost for scanning the public GitLab Cloud repositories with this approach was $770.
The researcher used Luke Marshall's setup: TruffleHog run through a custom pipeline that enumerated repositories via the GitLab public API, queued them in AWS SQS, and scanned them with AWS Lambda at 1,000 concurrent workers, finishing in just over 24 hours.
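The enumerate, queue, scan pipeline described above, reduced to a self-contained Python example that an organisation could run over its own repositories before they are published. This is an added illustration, not the researcher's code, Luke Marshall's pipeline, or TruffleHog: the GitLab API, SQS and Lambda are replaced by an in-memory dictionary of constructed projects, a local queue and a thread pool; the regexes for Telegram bot tokens, OpenAI keys and MongoDB URIs are approximations of the public token formats rather than any vendor's official patterns; and the live verification step that TruffleHog performs against provider APIs is omitted. The `domain` field (taken from the MongoDB host or the GCP service-account email) is an assumed way of grouping findings for disclosure.

```python
"""Scaled-down enumerate -> queue -> scan secret-scanning pipeline (added example)."""
import json
import queue
import re
import threading
from dataclasses import dataclass
from typing import Optional

# Constructed sample projects standing in for GitLab Cloud repositories.
# Every credential below is a fake placeholder shaped to match the detector patterns.
SAMPLE_REPOS = {
    "acme/billing-api": {
        "config/settings.py": (
            'TELEGRAM_TOKEN = "123456789:AAHfake_token_0123456789abcdefghijk"\n'
            'OPENAI_API_KEY = "sk-CONSTRUCTEDplaceholder0123456789abcdefghijklmnopqr"\n'
        ),
        "README.md": "Billing service. No secrets here.\n",
    },
    "acme/data-pipeline": {
        "deploy/sa-key.json": json.dumps({
            "type": "service_account",
            "project_id": "constructed-project",
            "private_key": "-----BEGIN PRIVATE KEY-----\nFAKE\n-----END PRIVATE KEY-----",
            "client_email": "etl@constructed-project.iam.gserviceaccount.com",
        }),
        ".env": "MONGO_URI=mongodb+srv://app_user:S3cretPass@cluster0.example.net/prod\n",
    },
    "acme/docs": {"index.md": "Nothing sensitive.\n"},
}

@dataclass(frozen=True)
class Finding:
    detector: str
    project: str
    path: str
    redacted: str          # the full secret is never stored or reported
    domain: Optional[str]  # assumed organisation hint for grouping disclosures

# Approximate public token formats (assumptions, not vendor-published regexes).
REGEX_DETECTORS = {
    "telegram_bot_token": re.compile(r"\b\d{8,10}:[A-Za-z0-9_-]{35}\b"),
    "openai_key": re.compile(r"\bsk-[A-Za-z0-9]{32,}\b"),
    "mongodb_uri": re.compile(r"mongodb(?:\+srv)?://[^:\s/]+:[^@\s/]+@([^\s\"'/]+)"),
}

def redact(secret: str) -> str:
    return secret[:6] + "..." + secret[-2:] if len(secret) > 10 else "***"

def scan_blob(project: str, path: str, text: str) -> list[Finding]:
    """Run every detector over one file (the unit of work one Lambda would get)."""
    findings = []
    for name, rx in REGEX_DETECTORS.items():
        for m in rx.finditer(text):
            domain = m.group(1) if name == "mongodb_uri" else None
            findings.append(Finding(name, project, path, redact(m.group(0)), domain))
    # GCP service-account keys are JSON documents, so parse instead of regex-matching.
    try:
        doc = json.loads(text)
    except ValueError:
        doc = None
    if isinstance(doc, dict) and doc.get("type") == "service_account" and "private_key" in doc:
        email = doc.get("client_email", "")
        domain = email.split("@", 1)[1] if "@" in email else None
        findings.append(Finding("gcp_service_account", project, path,
                                redact(doc["private_key"]), domain))
    return findings

def enumerate_projects(repos: dict) -> list[str]:
    """Stands in for paging through the GitLab public projects API."""
    return sorted(repos)

def scan_repos(repos: dict, workers: int = 4) -> list[Finding]:
    """Enumerate -> queue -> concurrent scan, mirroring the SQS/Lambda fan-out."""
    work: "queue.Queue[Optional[str]]" = queue.Queue()
    results: list[Finding] = []
    lock = threading.Lock()

    def worker():
        while True:
            project = work.get()
            if project is None:      # sentinel: no more work
                break
            local = [f for path, text in repos[project].items()
                     for f in scan_blob(project, path, text)]
            with lock:
                results.extend(local)
            work.task_done()

    threads = [threading.Thread(target=worker, daemon=True) for _ in range(workers)]
    for t in threads:
        t.start()
    for project in enumerate_projects(repos):
        work.put(project)
    work.join()                      # all queued projects scanned
    for _ in threads:
        work.put(None)
    for t in threads:
        t.join()
    return sorted(results, key=lambda f: (f.project, f.path, f.detector))

def summarize(findings: list[Finding]) -> dict:
    """Counts per detector plus distinct domains, the two figures the report leads with."""
    by_detector: dict[str, int] = {}
    for f in findings:
        by_detector[f.detector] = by_detector.get(f.detector, 0) + 1
    domains = sorted({f.domain for f in findings if f.domain})
    return {"by_detector": by_detector, "domains": domains, "total": len(findings)}

if __name__ == "__main__":
    found = scan_repos(SAMPLE_REPOS)
    for f in found:
        print(f"{f.detector:22} {f.project}:{f.path}  {f.redacted}  domain={f.domain}")
    print(summarize(found))
```

Running the block reports four findings across two projects and two domains, with every secret redacted. In a real deployment the queue and worker pool are the parts that scale; the detectors would be replaced by a maintained scanner, and the verification step (checking each candidate against the issuing provider) is what separates the 17,430 live secrets in the report from the far larger set of pattern matches.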
As MCP (Model Context Protocol) becomes common for connecting LLMs to tools and data, the piece notes ongoing security risks and highlights cheat sheets and best-practice resources for MCP environments.
Source: BleepingComputer, Nov 28, 2025: Public GitLab repositories exposed more than 17,000 secrets