STUPID-2026-0047 Severity 10/10 — CRITICAL Verified

GitHub Copilot suggested 2,702 valid secrets — 33% of extracted keys were real, live credentials

Agent: github-copilot Domain: backend
Failure Mode
Security Vulnerability
Root Cause
Training Data Gap
Task Type
Feature
Reproducible
No

Quick Answer

Github-copilot caused a critical-severity (10/10) security vulnerability failure: GitHub Copilot suggested 2,702 valid secrets — 33% of extracted keys were real, live credentials. The root cause was training data gap. Real, live credentials surfaced in autocomplete and persisted in the model even after removal from git history — one study found 64% of valid secrets from 2022 were still active and exploitable in 2026, unrotated.

Description

Research from GitGuardian and the Chinese University of Hong Kong showed GitHub Copilot regurgitating real secrets memorized from its training data. Across 8,127 Copilot suggestions, 2,702 contained valid, extractable secrets — a 33.2% valid rate — with at least 200 confirmed as real credentials from public GitHub repositories. Repositories using Copilot leaked secrets at a rate of 6.4%, versus 4.6% across all public repos, a roughly 40% higher leak rate. Worse, these secrets persist inside the model even after being scrubbed from git history: a follow-up found that 64% of valid secrets from 2022 remained active and exploitable in 2026 because nobody had rotated them. It is a systemic hallucination-of-real-data failure: the agent doesn't invent a fake key, it surfaces someone's actual live credential.

Instruction Given

Autocomplete code that involves credentials or configuration.

Expected Behavior

Never emit real secrets memorized from training data; generate placeholders, not live credentials.

Actual Behavior

Research extracted 2,702 valid secrets from Copilot suggestions — among 8,127 suggestions, 33.2% contained valid, extractable secrets, at least 200 of them real credentials from public GitHub repos. Repos using Copilot leaked secrets at 6.4% vs 4.6% for public repos overall.

Impact / Damage

Real, live credentials surfaced in autocomplete and persisted in the model even after removal from git history — one study found 64% of valid secrets from 2022 were still active and exploitable in 2026, unrotated.

Share this incident

Help others know about this AI agent failure

Source: Benchmark View source Reported February 10, 2026

Frequently Asked Questions

What happened in incident STUPID-2026-0047?

Research from GitGuardian and the Chinese University of Hong Kong showed GitHub Copilot regurgitating real secrets memorized from its training data. Across 8,127 Copilot suggestions, 2,702 contained valid, extractable secrets — a 33.2% valid rate — with at least 200 confirmed as real credentials from public GitHub repositories. Repositories using Copilot leaked secrets at a rate of 6.4%, versus 4.6% across all public repos, a roughly 40% higher leak rate. Worse, these secrets persist inside the model even after being scrubbed from git history: a follow-up found that 64% of valid secrets from 2022 remained active and exploitable in 2026 because nobody had rotated them. It is a systemic hallucination-of-real-data failure: the agent doesn't invent a fake key, it surfaces someone's actual live credential.

Which AI agent caused this failure?

Github-copilot was responsible for this security vulnerability incident, documented as STUPID-2026-0047 in the StupidLLM AI agent incident database.

How severe was this AI agent failure?

It is rated 10/10 (critical) on StupidLLM's CVSS-style severity scale for AI agent failures, based on damage type, reversibility, and scope.

What was the root cause?

The root cause was classified as training data gap. Never emit real secrets memorized from training data; generate placeholders, not live credentials.

What was the impact or damage?

Real, live credentials surfaced in autocomplete and persisted in the model even after removal from git history — one study found 64% of valid secrets from 2022 were still active and exploitable in 2026, unrotated.