GitGuardian

@gitguardian.com.bsky.social

GitGuardian leads the way in Non-Human Identity security, offering end-to-end solutions. Website: gitguardian.com Blog: blog.gitguardian.com Free GH audit: s.gitguardian.com/free-audit

195 Followers  |  123 Following  |  44 Posts  |  Joined: 14.09.2023  |  1.8588

Latest posts by gitguardian.com on Bluesky

Q2 2025 Product Recap: GitGuardian Sharpens the Edge on #Secrets Security & Agentic AI Protection!

Explore our advancements in secrets security across code, collaboration tools, and public repos. Dive into new Agentic #AI protection, #NHI lifecycle automation.

blog.gitguardian.com/q2-2025-reca...

28.07.2025 09:20 — 👍 0    🔁 0    💬 0    📌 0
From Secrets Sprawl to Secretless: Snowflake's Journey through NHI Lifecycle Management Learn how Snowflake is tackling NHIs, from secrets sprawl to a secretless architecture using GitGuardian for detection and Aembit for prevention.

Learn how Snowflake saved 10 hours per day for DevOps teams who were previously drowning in secret rotation hell, and remediated 50% of discovered secrets already. Insights from #SecDays {Virtual}
blog.gitguardian.com/from-secrets...

25.07.2025 07:45 — 👍 0    🔁 0    💬 0    📌 0
GitGuardian Launches its MCP Server: Putting Secrets Security in the Developers' Hands Empower your developers with GitGuardian's new MCP Server. Embed AI-driven secrets security directly into your IDE, streamline incident remediation, and secure code in real time.

Story: blog.gitguardian.com/gitguardian-launches-its-mcp-server-putting-secrets-security-in-the-developers-hands/

16.07.2025 16:03 — 👍 0    🔁 0    💬 0    📌 0
GitGuardian MCP Server

🚀 Introducing our #MCP Server!
Your #AI agents can now handle secrets security directly in your workflow:
• "Scan this code for leaked secrets"
• "Remediate all my project incidents"
• "Generate AWS honeytoken"
500+ secret types detected. Zero context switching.
Code: github.com/GitGuardian/gg-mcp

16.07.2025 16:02 — 👍 2    🔁 1    💬 1    📌 0
Operationalizing the OWASP AI Testing Guide with GitGuardian: Building Secure AI Foundations Through NHI Governance Align your AI pipelines with OWASP AI Testing principles using GitGuardian’s identity-based insights to monitor, enforce, and audit secrets and token usage.

🎭 Don’t let your CI bots do the tango with secrets—OWASP’s AI Testing Guide + GitGuardian’s NHI secret-police = least privilege enforcement in every pipeline! 🛡️

blog.gitguardian.com/owasp-ai-tes...

26.06.2025 16:44 — 👍 0    🔁 0    💬 0    📌 0
SecDays Virtual 2025 🚀 | LinkedIn Join us for GitGuardian SecDays Virtual 2025 – a global event dedicated to securing Non-human Identities and their secrets in the age of AI agents. This year, we're bringing together the industry le...

We're live! 🤩 Join our SecDays {Virtual} event right now as we're discussing the expanding non-human identities attack surface: lnkd.in/e_NqGttp

26.06.2025 12:59 — 👍 0    🔁 0    💬 0    📌 0

✍️ Meet our new blog author, Andy Rea! In his latest piece, “Automated Guard Rails for Vibe Coding,” Andy shares how automation can let teams code with confidence—without losing sight of security or compliance blog.gitguardian.com/automated-gu...

#vibecoding #aiguardrails

19.06.2025 10:57 — 👍 0    🔁 0    💬 0    📌 0
The Role of AI and Compliance in Modern Risk Management: ShowMeCon 2025 The speakers at ShowMeCon 2025 explored why policy isn't protection without validation. AI, identity, and threat detection must align to reduce operational risk.

🧱 Compliance builds the scaffold, but AI-powered checks & human brains build the fortress. Heard at #ShowMeCon 2025: policy + AI + validation = real risk reduction. 🛡️

blog.gitguardian.com/showmecon-20...

18.06.2025 15:49 — 👍 0    🔁 0    💬 0    📌 0
Identiverse 2025: Trust, Delegation, and the Era of Continuous Identity Identiverse 2025 exposed the urgent need for NHI governance. From AI agents to orphaned credentials, NHIs and their sprawling secrets are today’s most overlooked risks.

Your secrets don’t care who leaked them—human or bot. 🤖 #Identiverse2025 showed why NHIs are today’s identity crisis. From agentic AI to orphaned creds, governance can’t wait. Read our recap:

blog.gitguardian.com/identiverse-...

14.06.2025 01:48 — 👍 0    🔁 0    💬 0    📌 0
Security Isn’t A Solo Sport: Community, Burnout, and Identity at BSides312 At BSides312 in Chicago, experts showed that defending systems requires defending people, with trust, inclusion, and communication as key controls. Defense is deeply human.

Missed #BSides312? Our own @mdwayne-real.bsky.social was there and captured all the highlights! Reading his recap is like attending the event yourself. 👉 blog.gitguardian.com/bsides312-20...

05.06.2025 13:22 — 👍 0    🔁 0    💬 0    📌 0
Warning — 23 Million New Plaintext Credentials Leaked Online Researchers uncover 23 million new credentials leaked in public, including passwords, authentication tokens and more.

By me @forbes.com: 23 million new secrets leaked. When will it ever end? #kudos @gitguardian.com for the analysis.

#infosec

www.forbes.com/sites/daveyw...

12.05.2025 13:09 — 👍 2    🔁 1    💬 0    📌 0
RSA Conference 2025: How Agentic AI Is Redefining Trust, Identity, and Access at Scale RSAC 2025 revealed that AI agents are reshaping trust and identity. Learn what top CISOs are doing about it and how the conversation about NHI governance is evolving.

CISOs at RSAC 2025: “AI won’t wait for your approval.” Agentic AI is here, with keys and autonomy. Got NHI governance yet? 🔑🚪
Read our recap of the world's largest security conference

blog.gitguardian.com/rsa-conferen...

09.05.2025 15:07 — 👍 0    🔁 0    💬 0    📌 0
xAI Secret Leak: The Story of a Disclosure AI adoption accelerates secret sprawl as organizations connect to multiple providers. Our investigation of a leaked xAI API key, which granted access to unreleased Grok models, reveals critical flaws ...

A few months ago, our automated detection platform uncovered an xAI API key exposed on public GitHub. What stood out was the key's broad access—not just public models, but unreleased and private ones tied to projects at SpaceX and Tesla.

🚨 More details here blog.gitguardian.com/xai-secret-l...

09.05.2025 12:41 — 👍 0    🔁 1    💬 0    📌 0

In this episode of the Security Repo Podcast, Chris Lindsey dives deep into the realities of using AI in software development and its security implications, including the concept of “Shadow AI.”

www.youtube.com/watch?v=1NBn...

08.05.2025 17:11 — 👍 0    🔁 0    💬 0    📌 0
Secrets Sprawl and AI: Why Your Non-Human Identities Need Attention Before You Deploy That LLM Your RAG implementation can expose secrets in some unexpected ways. Secure your LLM deployments and scrub knowledge bases to prevent your secrets from leaking.

Your chatbot might be the friendliest secrets-leaking intern you never hired 🤖💥
NHIs + RAG = recipe for exposing root passwords in plain text.
Clean your data. Govern your bots.

Details
👉
blog.gitguardian.com/before-you-d...

22.04.2025 14:44 — 👍 0    🔁 0    💬 0    📌 0
ATLSecCon 2025: Security Readiness Means Human Readiness LLMs won’t fix a broken SOC, but apprenticeship might. ATLSecCon 2025 revealed how outdated hiring and cultural gatekeeping are breaking cybersecurity from the inside out.

Cybersecurity isn’t short on tools—it’s short on trust, empathy, and apprenticeships. ATLSecCon 2025 brought 🔥

LLMs ≠ magic. Humans still matter.
Full recap: blog.gitguardian.com/atlseccon-20...

18.04.2025 18:39 — 👍 0    🔁 0    💬 0    📌 0
AI Is the New Trust Boundary: STL TechWeek Reveals the Risk Shift At St. Louis TechWeek 2025, AI took center stage as industry thought leaders shared sessions warning about inputs, data health, and how agents are the new attack surface.

What lessons did @mdwayne-real.bsky.social learn at #STLTechWeek 2025?

Here is his blog post about the experience.

blog.gitguardian.com/stl-techweek...

09.04.2025 15:16 — 👍 0    🔁 0    💬 0    📌 0
The Hidden Breach: Secrets Leaked Outside the Codebase Pose a Serious Threat Secrets aren't just in code. GitGuardian’s 2025 report shows major leaks in collaboration tools like Slack, Jira, and Confluence. Here’s what security teams need to know.

Your secrets aren't just in code anymore... 👀
They're in Slack, Jira, and Confluence.

GitGuardian’s 2025 report drops the mic on secrets sprawl in collab tools.

38% of those leaks? Critical.

📉 Stop pretending internal = secure:

blog.gitguardian.com/secrets-leak...

31.03.2025 14:37 — 👍 2    🔁 0    💬 0    📌 0
SnowFROC 2025: A Chilly Reminder That OWASP Matters and Exploring Secure Coding Practices with AI Coding Bots At Denver's SnowFROC, security pros tackled the importance of OWASP’s evolving Top 10 and exposed the current shortcomings of AI-generated code for production systems.

They call it *Copilot* not *Autopilot* for a reason. 🚫

✈️ #SnowFROC2025 showed AI code gen is cool, but def not ready for prime time—especially without security guardrails.

More insights here: blog.gitguardian.com/snowfroc-2025/

27.03.2025 17:46 — 👍 0    🔁 0    💬 0    📌 0
The State And Future Of Cybersecurity Training - Zach Hill
YouTube video by The Security Repo

Tune into The State And Future Of Cybersecurity Training with Zach Hill from Antisyphon Training, the latest episode of the Security Repo Podcast

youtu.be/GTnX4SgvV4M

25.03.2025 21:02 — 👍 0    🔁 0    💬 0    📌 0

70% of leaked secrets remain active two years later

📖 Read more: www.helpnetsecurity.com/2025/03/20/l...

#cybersecurity #cybersecuritynews #secretsmanagement @gitguardian.com

20.03.2025 08:06 — 👍 2    🔁 1    💬 0    📌 0
Addressing The Growing Challenge of Generic Secrets: Beyond GitHub's Push Protection Generic secrets are hard to detect and are getting leaked more often. See how GitGuardian offers advanced protection where GitHub's push protection falls short.

Generic secrets are the most common leaks of 2025.

🔓 GitHub's push protection catches some, but GitGuardian's ML-powered detection tackles the toughest ones—before they hit your repo.

Ready for next-level protection?
👉 c.gitguardian.com/gsghp

17.03.2025 16:08 — 👍 0    🔁 0    💬 0    📌 0
Devnexus: Bringing Java Into The Age Of AI The largest Java community conference, Devnexus 2025, tackled AI, security, and Java’s role in enterprise development. Read key takeaways for securing applications.

Java turns 30, but it’s not slowing down!

🚀 At #Devnexus2025, AI, security, and secrets management took center stage. From tackling AI risks to securing Java apps, the future is bold—and safe! 🔒 #Java #AppSec

blog.gitguardian.com/devnexus-2025

14.03.2025 13:44 — 👍 2    🔁 2    💬 0    📌 0
State of Secrets Sprawl Report 2025 The 2025 State of Secrets Sprawl report measures the exposure of and remediation of leaked secrets within GitHub and how it is evolving year to year.

New publication from @gitguardian.com on the problem of secrets sprawl in GitHub. Non-human identities ( #NHI) like secrets are a festering part of the enterprise #cybersecurity attack surface - www.gitguardian.com/state-of-sec... .

11.03.2025 18:20 — 👍 0    🔁 2    💬 0    📌 0
Video thumbnail
07.03.2025 17:04 — 👍 0    🔁 0    💬 0    📌 0
GitGuardian Integration with HashiCorp Vault Centralize secrets management and reduce blind spots!

🚀 Vault sprawl and NHI secrets got you stressed? GitGuardian’s new HashiCorp Vault integration brings visibility, control, and automated remediation to your secrets management!
Say goodbye to blind spots. Learn more 👉
blog.gitguardian.com/hashicorp-va...

03.03.2025 14:48 — 👍 2    🔁 0    💬 0    📌 0
Threat Intelligence and AI Research In Austin: IntelliC0N 2025 At IntelliC0N 2025, threat intelligence leaders shared strategies for using AI, uncovering blind spots, improving communication, and improving cyber defenses overall.

What can AI do for Threat intelligence?

This was the question at the heart of the discussion at #IntelliC0N 2025.

Learn more in our recap: blog.gitguardian.com/intellic0n-2...

25.02.2025 15:19 — 👍 0    🔁 0    💬 0    📌 0
Wild West Hackin' Fest @ Mile High 2025: Building a Stronger Security Community Together The Denver edition of WWHF showcased security insights, from red teaming to DevSecOps. Learn key lessons on collaboration, Git security, and AWS policies

🚨 Leaked AWS keys aren’t fully revoked! At #WWHF #MileHigh2025, we learned that AWS’s CompromisedKeyQuarantine policy doesn’t prevent all actions—it’s not really a security feature.

Rotate any and all exposed secrets immediately!

More insights:
c.gitguardian.com/wwhfmh

13.02.2025 16:38 — 👍 0    🔁 0    💬 0    📌 0
Non-Human Identity Security in the Age of AI The rise of AI in enterprises has expanded the attack surface. Learn how GitGuardian can help you secure non-human identities and prevent unauthorized access.

🤖 AI-powered agents are revolutionizing workflows—but they’re also expanding the attack surface! Non-human identities (NHIs) need strong security controls to prevent unauthorized access.

🔑 Secure API keys
📜 Prevent secrets sprawl
🛡️ Enforce least privilege

Learn more:
c.gitguardian.com/ai-nhi

12.02.2025 14:22 — 👍 0    🔁 0    💬 0    📌 0
The Critical Role of CISOs in Managing IAM - Including Non-Human Identities NHIs outnumber human users in enterprises, yet many IAM strategies ignore them. Learn why CISOs must own NHI governance to prevent security breaches.

IAM without non-human identity (NHI) governance? Incomplete. ❌

Service accounts, APIs, & machine identities are prime targets for attackers. It’s time for CISOs to take charge & secure NHIs.

Full breakdown:

c.gitguardian.com/ciso-iam

11.02.2025 14:44 — 👍 0    🔁 0    💬 0    📌 0