AI Coding Agents Leaked 29 Million Secrets Last Year

storm

A new report from GitGuardian found that 29 million secrets were exposed in public GitHub commits in 2025. API keys, database passwords, auth tokens, just sitting in code for anyone to find. The worst part: commits generated with AI assistance leaked secrets at roughly double the rate of human-only commits.

This isn't surprising if you've been paying attention. AI coding tools are powerful, but they're quietly adding layers of complexity that most people don't realize they're signing up for.

The complexity keeps growing

A post that hit the front page of Hacker News this week argued that multi-agentic software development is fundamentally a distributed systems problem. The author makes a solid case: even if the next generation of AI models is dramatically smarter, the coordination problem between multiple agents is mathematically hard. It's the same class of problem that has kept distributed systems engineers employed for decades.

Meanwhile, new tools like Kontext CLI are popping up specifically to manage credentials for AI coding agents. We now need specialized security infrastructure just to keep our AI dev tools from leaking our keys.

The stack for "just building an app" in 2026 looks something like this: pick an AI coding agent, configure credential management for it, set up your database, wire up authentication, manage deployment pipelines, coordinate multiple agents across your codebase, and pray nothing leaks. 12 of the top 15 fastest-growing leaked secret types were for AI services.

This is backwards

For developers building complex systems, this tooling evolution makes sense. Systems engineers should absolutely care about agent coordination and credential lifecycle management.

But most people building apps aren't systems engineers. They're founders who need a customer portal. Small teams who want internal tools. Korean businesses that need a booking system or inventory tracker.

These people don't need to understand distributed consensus protocols or credential brokers. They need their app to work, be secure, and go live.

That's what we built DontCode for. Database, auth, deployment, security, all pre-configured. Our AI is fine-tuned specifically for app building. It's not a general-purpose coding agent that needs a separate tool to manage its own API keys. You describe what you want, you get a working app. No leaked secrets because there are no secrets to manage.

Two tracks

I think we're watching the dev tools market split into two clear tracks. One is for engineers who want more control, more agents, more infrastructure to orchestrate. The other is for everyone else who just wants to build something and ship it.

Both tracks are valid. But if you're on the second track and you're still fighting with code, credentials, and deployment configs, you're on the wrong road.

If you want to build apps without worrying about any of this, give DontCode a try.
