On May 14, GitGuardian found a public GitHub repository called "Private-CISA" — 844 MB of plain-text passwords, AWS tokens, and Entra ID SAML certificates belonging to CISA, exposed since November 2025. Some credentials were still valid. CISA pulled it offline within 26 hours.
Three supply chain attacks hit npm, PyPI, and Docker Hub between April 21–23, 2026. All three targeted secrets: API keys, cloud credentials, SSH keys, and tokens from developer environments and CI/CD pipelines.
Compare the best identity orchestration tools and platforms for 2026. Covers orchestration engines, identity fabrics, NHI exposure prevention, and more to unify and secure your IAM stack.
This year's Devner OWASP event showed why modern AppSec depends on secure defaults, stronger provenance, and security controls that appear where developers make decisions.
Vercel's Context.ai breach exposed environment variables that weren't marked sensitive. Learn how to pull and scan your secrets with GitGuardian.
From AI agents to identity abuse, ATLSECCON 2026 focused on how security teams can reduce exposure, improve visibility, and make trust enforceable while moving ever faster.
AI agents need to authenticate with numerous systems, making AI authentication a crucial security boundary that determines blast radius, revocability, and long-term governance risk.
GitHub is hardening Actions with deterministic dependencies, scoped secrets, and policy controls. Teams still need immediate detection and remediation for today’s risk.
Security maturity was the thread running through BSides MKE 2026, from clearer business language to role clarity, AI governance, and non-human identity risk.
Recent supply chain attacks stayed live for hours. Automation tools silently merged their malware in minutes. Read how upgrade bots and AI agents became the insider threat.
The data from this year's State of Secrets Sprawl report shows that AI is not creating a new secrets problem; it is accelerating every condition that already made secrets dangerous.
At Gartner IAM Summit 2026, the strongest conversations were about machine identities, AI agents, secrets, trusted integrations, and the growing realization that credential abuse now sits much closer to the center of enterprise risk.
Learn how GitGuardian supports NHI governance with a secrets-first model that improves visibility, reduces sprawl, and helps teams manage machine identity risk.
GitGuardian is the code security platform for
the DevOps generation.
With automated secrets detection and
remediation, our platform enables Dev, Sec, and Ops to advance together
towards the Secure Software Development Lifecycle.
Subscribe to our newsletter to receive the latest content and updates from GitGuardian.
