Combatting Phantom Secrets with Historical Secret Scanning
You’ve likely heard of Schrödinger’s Cat from quantum mechanics—both alive and dead until the box is opened. This paradox mirrors a critical risk in modern development: the secrets embedded in your code. You might assume they’re long deleted, but until you examine the depths of commit history, you can’t be certain. Recently, the Aqua Nautilus team uncovered that secrets you thought were removed may remain exposed for years, waiting to be found by malicious actors. In fact, our research found that nearly 20% of sensitive data in GitHub repositories slips past traditional scanners.