anonym.legal

By · Last updated 2026-03-29

Späť na blogBezpečnosť AI

39 miliónov unikov na GitHub: Riziko AI pri kodovani

67 % vyvojarov neumyselne vystavilo tajne informacie v kode (GitGuardian 2025). Na GitHube uniklo 39 miliónov tajnych informacii v roku 2024, o 25 % viac medzirocne.

March 29, 20268 min čítania
GitHub secret leaksdeveloper AI securitycredential exposureMCP Server protectionGitGuardian 2025

39 miliónov prihlasovacich udajov uniklych za jeden rok

Sprava GitHub Octoverse 2024 zistila, ze na GitHube unili 39 miliónov tajnych informacii v roku 2024. To je medzirocný narast o 25 % oproti roku 2023. Tajne informacie zahrnaju API kluce, databazove retazce, autentifikacne tokeny a cloudove poverovanie.

Pricina je znama. Vyvojari commituju kod so tajnymi informaciami vo vnutri. Tajne informacie pochádzaju z debugovacich relacii. Alebo su natvrdo zakodovane namiesto ulozenia v environmentalnych premennych. Pri 39 miliónoch unikov toto nie je ojedinele. Je to bezne.

Nastroje AI pridavaju druhy kanal uniku

Vyskum GitGuardian z roku 2025 zistil, ze 67 % vyvojarov neumyselne vystavilo tajne informacie v kode. Rovnake navyky, ktore vytvaraju uniky na GitHube, vytvaraju aj uniky nastrojov AI.

Vyvojar vlozi kod do Claude, ChatGPT alebo ineho AI asistenta kvoli pomoci. Tento kod casto obsahuje live poverovanie. Model AI prijme tajomstvo. Moze ho ulozit v historii konverzacie. Posle ho na servery poskytovatel. Vyvojar strati kontrolu - bez varovania.

Tri priklady:

Ladenie databazy. Vyvojar vlozi stack trace. Trace obsahuje pripojovaci retazec. AI si precita aj heslo.

Prezkum pipeline. Vyvojar zdiela skript datovej pipeline. Skript obsahuje pristupovy kluc AWS a tajny kluc. AI dostane oba.

Prezkum integracie API. Vyvojar poziadá o spatnu vazbu na integraciu. Kod obsahuje live kluc API partnera. Kluc opusti siet vyvojara.

V kazdom pripade je ciel legitimna pomoc. Unik prihlasovacich udajov je vedlajsi ucinok poskytovania dostatocneho kontextu AI. To je rovnaky vzorec ako uniky na GitHube - nie zlomyselny, len bezny.

Pipelines CI/CD celja rovnakemu riziku

Uniky tajnych informacii z pipeline CI/CD vzrastli v roku 2024 o 34 %. Skripty buildu, konfiguracie nasadenia a infrastrukturne kod subory prechádzaju cez kontrolu AI. Tieto subory casto obsahuju cloudove poverovanie a tokeny servisnych uctov.

Ked nastroje AI pokryvaju viac cyklu vyvoja - kontrola, dokumentacia, ladenie, optimalizacia - s nimi rastie aj plocha expozicie.

Ako architektura MCP blokuje uniky

Pre tymy pouzivajuce Claude Desktop alebo Cursor IDE, architektura MCP servera (Model Context Protocol) umiestni filter prihlasovacich udajov na cestu medzi vyvojarom a modelom AI.

MCP server spracovava kazdy text, ktory prechádza cez relaciu. Vlozeny kod, stack traces, konfiguracne subory, kontext ladenía - vsetko prechadza krokom anonymizacie pred tym, ako to model uvidi.

Motor hlada vzory prihlasovacich udajov: formaty API klucov, databazove retazce, OAuth tokeny, hlavicky sukromnych klucov a vlastne formaty, ktore definuje vas bezpecnostny tym. Kazda zhoda je nahradena tokenom pred odoslanim.

Ako to vyzera v praxi:

Vyvojar vlozi stack trace s databazovym pripojovacím retazcom. MCP server nahradi retazec s [DB_CONNECTION_1]. AI vidi trace s tokenom na mieste. Poskytne pomoc s ladením zalozenu na anonymizovanej verzii. Skutocne poverovanie nikdy neopustilo internu siet.

Toto zastavi rovnaky vector uniku, ktory naplna GitHub tajnymi informaciami. Kanal je iny - nastroje AI, nie git commity - ale opravenie funguje rovnako: zablokuj to pred odoslanim.

Pozrite si nas prehlad bezpecnosti o tom, ako anonym.legal toto riesi napriec nastrojmi AI a pracovnymi tokmi dokumentov, a centrum zhody pre kontroly auditov.

Detekcia po skutocenosti je prilis neskoro

Niektore tymy pouzivaju post-commit skenovanie na zachytenie uniknutych tajnych informacii. GitGuardian a truffleHog funguju dobre pre kanal GitHub. Nepokryvaju relacie nastrojov AI.

Ked tajomstvo dosiahne servery poskytovatel AI, expozicia je hotova. Skenovanie ho nachadza az potom. Anonymizacia na vrstve MCP zastavi dostanie sa k modelu vobec.

39 miliónov unikov na GitHub dokumentuje jeden kanal. Expozicia nastrojov AI je rovnaky problem v kanali s mensim monitoringom a bez auditneho zaznamu. Prevencia pred odoslanim pokryva oba.

Zdroje

Súvisiace články

Bezpečnosť AI

AI Coding Assistants Leak Production PII

Unit test fixtures with real customer records. Log files with production data for debugging. GitHub found 39 million secrets leaked in 2024.

Bezpečnosť AI

Internal Wiki PII: Confluence Customer Data

Support teams document processes with screenshots of customer accounts. Over 3 years, that's thousands of GDPR data minimization violations in your.

Bezpečnosť AI

Screenshot PII: Leaks in Internal Tools

Slack, Teams, Jira, and email regularly receive screenshots containing customer PII. This access-control violation bypasses every DLP tool.

Pripravení chrániť vaše údaje?

Začnite anonymizovať PII s 285+ typmi entít v 48 jazykoch.

Začať bezplatnú skúšobnú verziuZobraziť funkcie

About this page

We update this page when our platform or the law changes.

Read our founder note for how we work.

Each change shows up in the timestamp at the top.

Related reading

We follow these rules

  • GDPR (EU 2016/679).
  • ISO/IEC 27001:2022.
  • NIS2 (EU 2022/2555).
  • HIPAA safe harbor under 45 CFR § 164.514(b)(2).

Our promise

We do not sell your data.

We do not train models on your text.

We store your files in Germany.

You can delete your account at any time.

You own your work.

Where we run

Our servers live in Falkenstein, Germany.

We use Hetzner. They hold ISO 27001 certification.

All data stays in the EU.

Backups run every day.

Need help?

Email support@anonym.legal.

We reply within one business day.

How we test

We run a full check suite on every release.

Each surface gets its own sweep script and report.

Human reviewers spot-check the output each week.

We track recall and precision on a labelled set.

Bad runs block the deploy.

What we never do

  • We never sell your information to third parties.
  • We never train models on what you upload.
  • We never keep your work after you delete it.
  • We never share keys with any outside firm.
  • We never run ads inside the product.

Plans in plain words

We sell credits, not seats.

One credit covers one short job.

Long jobs use a few credits each.

You can top up at any time.

Unused credits roll over each month.

Read the plans page for current rates.

Who built this

A small team of engineers and lawyers built this.

We ship from Europe and work in the open.

Our founder note spells out why we started.

Where to start

How the parts fit

A browser add-on cleans text inside Chrome.

A Word plug-in handles drafts in Office.

A small desktop tool works on whole folders.

An agent protocol link feeds large models safely.

All four share one core engine and one rule set.

Words from our team

We started this work after a lunch about cookies.

One friend kept getting odd ads on her phone.

We asked why a court file leaked through a draft.

We sketched the first build on a napkin that week.

By month three we had a tiny demo for a friend.

She used it on her first case the next day.

Common questions we hear

Can the tool read scanned PDFs? Yes, with OCR.

Does it work on long files? Yes, in small chunks.

Can I roll my own rule set? Yes, save it as a preset.

Does it run offline? The desktop build runs offline.

Do you keep my files? No, the cloud build wipes after each run.

Will it learn from my work? No, we never train on inputs.

A short tour of the workflow

Upload a file or paste a snippet of prose.

Pick the entities you want gone from the draft.

Choose a method: replace, mask, hash, encrypt, or redact.

Press run and watch the side panel show each hit.

Skim the result and tweak any rule that misfired.

Save the cleaned file or send it to a teammate.