This matches what I've seen. The .env file is one vector, but the more common pattern with AI coding tools is secrets ending up directly in source code that never touch .env at all.
The ones that come up most often:
- Hardcoded keys: const STRIPE_KEY = "sk_live_..."
- Fallback patterns: process.env.SECRET || "sk_live_abc123" (the AI helpfully provides a default)
- NEXT_PUBLIC_ prefix on server-only secrets, exposing them to the client bundle
- Secrets inside console.log or error responses that end up in production logs
These pass type-checks and look correct in review. I built a static analysis tool that catches them automatically: https://github.com/prodlint/prodlint
It checks for these patterns plus related issues like missing auth on API routes, unvalidated server actions, and hallucinated imports. No LLM, just AST parsing + pattern matching, runs in under 100ms.
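An added example, not code from the comment above and not prodlint's code: a token-level matcher in JavaScript for the four leak patterns listed (hardcoded key, env fallback literal, NEXT_PUBLIC_ on a server-only name, secret reaching console.*). It uses a small hand-written lexer rather than a real parser, so it matches token sequences instead of an AST; the sample source, the secret-name regex and the known-prefix list are constructed assumptions for illustration.

```javascript
// Illustrative token-pattern scanner (not prodlint). Hypothetical heuristics:
const SECRET_NAME = /SECRET|PRIVATE|PASSWORD|TOKEN|API_?KEY|SERVICE_ROLE/i;
// Well-known credential prefixes: Stripe, AWS access key id, GitHub PAT, Slack.
const KNOWN_PREFIX = /^(sk_live_|sk_test_|AKIA[0-9A-Z]{12,}|ghp_|xox[bap]-)/;

// Tiny lexer: strings, identifiers, '||' / '??', single-char ops; comments dropped.
function tokenize(src) {
  const toks = [];
  let i = 0, line = 1;
  while (i < src.length) {
    const c = src[i];
    if (c === '\n') { line++; i++; continue; }
    if (c === ' ' || c === '\t' || c === '\r') { i++; continue; }
    if (c === '/' && src[i + 1] === '/') { while (i < src.length && src[i] !== '\n') i++; continue; }
    if (c === '/' && src[i + 1] === '*') {
      const end = src.indexOf('*/', i + 2), stop = end < 0 ? src.length : end + 2;
      for (let k = i; k < stop; k++) if (src[k] === '\n') line++;
      i = stop; continue;
    }
    if (c === '"' || c === "'" || c === '`') {
      let j = i + 1, val = '';
      while (j < src.length && src[j] !== c) {
        if (src[j] === '\\' && j + 1 < src.length) j++; // keep escaped char verbatim
        if (src[j] === '\n') line++;
        val += src[j++];
      }
      toks.push({ type: 'string', value: val, line });
      i = j + 1; continue;
    }
    if (/[A-Za-z_$]/.test(c)) {
      let j = i;
      while (j < src.length && /[\w$]/.test(src[j])) j++;
      toks.push({ type: 'ident', value: src.slice(i, j), line });
      i = j; continue;
    }
    const two = src.slice(i, i + 2);
    if (two === '||' || two === '??') { toks.push({ type: 'op', value: two, line }); i += 2; continue; }
    toks.push({ type: 'op', value: c, line });
    i++;
  }
  return toks;
}

// If toks[i..] spells `process.env.NAME`, return NAME, else null.
function envAccess(toks, i) {
  const [a, b, c, d, e] = toks.slice(i, i + 5);
  return a && b && c && d && e && a.value === 'process' && b.value === '.' &&
    c.value === 'env' && d.value === '.' && e.type === 'ident' ? e.value : null;
}

function scan(src) {
  const toks = tokenize(src), findings = [];
  const tainted = new Set(); // local names known to hold a secret
  const report = (t, rule, detail) => findings.push({ line: t.line, rule, detail });
  for (let i = 0; i < toks.length; i++) {
    const t = toks[i], env = envAccess(toks, i);
    if (env) {
      const op = toks[i + 5], lit = toks[i + 6];
      // Pattern 2: process.env.X || "literal" (or ??), flagged by env name or literal format
      if (op && (op.value === '||' || op.value === '??') && lit && lit.type === 'string' &&
          lit.value.length > 0 && (SECRET_NAME.test(env) || KNOWN_PREFIX.test(lit.value)))
        report(t, 'env-fallback', `process.env.${env} falls back to a literal`);
      // Pattern 3: NEXT_PUBLIC_ prefix on a name that looks server-only
      if (env.startsWith('NEXT_PUBLIC_') && SECRET_NAME.test(env.slice('NEXT_PUBLIC_'.length)))
        report(t, 'next-public-secret', `${env} is inlined into the client bundle`);
      const prev = toks[i - 1], name = toks[i - 2]; // `name = process.env.SECRET...`
      if (prev && prev.value === '=' && name && name.type === 'ident' && SECRET_NAME.test(env)) tainted.add(name.value);
      i += 4; continue;
    }
    // Pattern 1: NAME = "literal" / NAME: "literal" with a known prefix or secret-ish name
    const nxt = toks[i + 1], lit = toks[i + 2];
    if (t.type === 'ident' && nxt && (nxt.value === '=' || nxt.value === ':') && lit && lit.type === 'string' &&
        (KNOWN_PREFIX.test(lit.value) || (SECRET_NAME.test(t.value) && lit.value.length >= 20))) {
      report(t, 'hardcoded-secret', `${t.value} is assigned a literal credential`);
      tainted.add(t.value);
    }
    // Pattern 4: a tainted name or secret-ish env var passed to console.<anything>(...)
    if (t.value === 'console' && nxt && nxt.value === '.' && toks[i + 3] && toks[i + 3].value === '(') {
      for (let j = i + 3, depth = 0; j < toks.length; j++) {
        if (toks[j].value === '(') depth++;
        else if (toks[j].value === ')' && --depth === 0) break;
        const e = envAccess(toks, j);
        if ((toks[j].type === 'ident' && tainted.has(toks[j].value)) || (e && SECRET_NAME.test(e))) {
          report(t, 'secret-in-log', `console.${toks[i + 2].value} receives ${e ? 'process.env.' + e : toks[j].value}`);
          break;
        }
      }
    }
  }
  return findings;
}

// Constructed sample input (fake credentials), one line per pattern plus a benign fallback.
const SAMPLE = `
// constructed sample, not real credentials
const STRIPE_KEY = "sk_live_abc123def456";
const dbPassword = process.env.DB_PASSWORD || "hunter2";
const stripe = new Stripe(process.env.NEXT_PUBLIC_STRIPE_SECRET_KEY);
console.log("connecting with", dbPassword);
const region = process.env.AWS_REGION || "us-east-1";
`;

for (const f of scan(SAMPLE)) console.log(`line ${f.line}: ${f.rule}: ${f.detail}`);
```

The fallback rule is the one a value-format scanner has trouble with: "hunter2" matches no known key format, so it is flagged here because of the DB_PASSWORD name it defaults, while the AWS_REGION fallback on the last line stays quiet. The taint set is deliberately crude (no scoping, no reassignment tracking); a real AST pass would resolve bindings instead.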
Just use gitleaks or trufflehog?