GitHub
We've curated 9 cybersecurity statistics about GitHub to help you understand how vulnerabilities in open-source code and supply chain threats are being addressed in 2025. This insight is crucial for developers and organizations alike!
12% of organizations detected employee exposure to malware via GitHub each month in 2025.
65% of the 50 leading AI companies analyzed had leaked verified secrets on GitHub.
In one specific case (an AI50 Company with no disclosure permission), a HuggingFace token found in a deleted fork allowed access to about 1K private models. The leak also included multiple WeightsAndBiases API keys belonging to the organization's employees, which leaked training data for many private models.
Almost half of the disclosures regarding leaked secrets by leading AI companies on GitHub either failed to reach the target or received no response.
The company with the smallest footprint that still had verified leak instances had 0 public repositories and 14 organization members.
The total valuation of the companies with verified secret leaks is over $400B.
The company with the largest footprint without an exposed secret had 60 public repositories and 28 organization members.
There are a total of 20,000 MCP server implementations on GitHub.
There are an estimated 20,000 repositories on GitHub implementing open-source Model Context Protocol (MCP) servers.