Speakers made it clear that agentic AI is already operating across enterprise workflows. Learn why identity must govern ownership, permissions, actions, and accountability.
Speakers made it clear that agentic AI is already operating across enterprise workflows. Learn why identity must govern ownership, permissions, actions, and accountability.
The pace is not slowing down. Between May 18 and June 1, 2026, four distinct supply chain campaigns swept through npm, PyPI, Crates.io, GitHub Actions, and Composer.
By rewriting our secret detection engine in Rust, we made our engine more than three times as fast. But not without making it four times slower along the way.
Compare the best secrets management tools for 2026. Reviews of open source, multi-cloud, Kubernetes, and DevOps secrets management solutions for enterprise teams.
This year's report shows how credential sprawl across DevOps, SaaS, CI/CD, the cloud, and developer laptops turns initial access into operational impact.
In an AI-assisted development era, the third edition of BSides312 showed why trust, identity, access, evidence, and community remain core to security work.
Code from GitHub and Grafana is in criminal hands. Secrets buried inside could open doors no one is thinking of protecting yet, and AI will make hunting 0-days in that private code faster than ever.
A single leaked Kubernetes credential rarely stays in the cluster. It opens the registry credentials, private Docker images, and private GitHub repositories behind it. In Q1 2026 alone, our detectors caught close to 2,000 new such leaks on GitHub, 28% valid at leak time.
How to govern MCP at enterprise scale: authentication patterns, scope control, secrets lifecycle, and credential exposure detection for multi-agent deployments.
On May 14, GitGuardian found a public GitHub repository called "Private-CISA" — 844 MB of plain-text passwords, AWS tokens, and Entra ID SAML certificates belonging to CISA, exposed since November 2025. Some credentials were still valid. CISA pulled it offline within 26 hours.
Security leaders at this SF area Summit examined AI agent risk, dependency governance, stale infrastructure, and the future of secure software.
Using Cursor, GitHub Copilot, Claude Code, Codex, or another coding agent means giving software access to more than your code. It can also see the credentials available in your workspace, shell, config files, and development environment.
GitGuardian is the code security platform for
the DevOps generation.
With automated secrets detection and
remediation, our platform enables Dev, Sec, and Ops to advance together
towards the Secure Software Development Lifecycle.
Subscribe to our newsletter to receive the latest content and updates from GitGuardian.
