Laravel APP_KEY leaks enable RCE via deserialization attacks. Collaboration with Synacktiv scaled findings to 600 vulnerable applications using 260K exposed keys from GitHub. Analysis reveals 35% of exposures coincide with other critical secrets including database, cloud tokens, and API credentials.
Laravel APP_KEY leaks enable RCE via deserialization attacks. Collaboration with Synacktiv scaled findings to 600 vulnerable applications using 260K exposed keys from GitHub. Analysis reveals 35% of exposures coincide with other critical secrets including database, cloud tokens, and API credentials.
Is agentic AI the productivity revolution we've been waiting for, or a security nightmare in the making? With AI agents now outnumbering humans and secrets proliferating across enterprise systems, the answer isn't simple. Read our insights from SecDays {France} 2025.
From malware markets to IAM frameworks, BSides SATX 2025 showed why modern security must evolve from static protection to identity-centric, adaptive defense.
Align your AI pipelines with OWASP AI Testing principles using GitGuardian’s identity-based insights to monitor, enforce, and audit secrets and token usage.
Based on the talk “The Explosion of Machine Identities: Are You Aware of This Silent Threat?” at SecDays France 2025.
The speakers at ShowMeCon 2025 explored why policy isn't protection without validation. AI, identity, and threat detection must align to reduce operational risk.
GitGuardian and GuidePoint Security have partnered to deliver enhanced secrets detection and non-human identity security solutions to North American customers, offering tools to combat secrets sprawl and mismanaged identities.
Vibe coding might sound like a trendy term, but it's really just developing software without automated checks and quality gates. Traditional engineering disciplines have always relied on safety measures and quality controls, so vibe coding should be no different in my honest opinion.
Identiverse 2025 exposed the urgent need for NHI governance. From AI agents to orphaned credentials, NHIs and their sprawling secrets are today’s most overlooked risks.
See how GitGuardian's deep discovery, combined with Akeyless's automation, delivers full secrets lifecycle control.
Our latest State of Secrets Sprawl 2025 research reveals a troubling reality: the majority of leaked corporate secrets found in public code repositories continue to provide access to systems for years after their discovery.
At BSides312 in Chicago, experts showed that defending systems requires defending people, with trust, inclusion, and communication as key controls. Defense is deeply human.
GitGuardian is the code security platform for
the DevOps generation.
With automated secrets detection and
remediation, our platform enables Dev, Sec, and Ops to advance together
towards the Secure Software Development Lifecycle.
Subscribe to our newsletter to receive the latest content and updates from GitGuardian.
