all tags
Fresh From The Docks: Uncovering 100,000 Valid Secrets in DockerHub

Fresh From The Docks: Uncovering 100,000 Valid Secrets in DockerHub

This post details the methodology used to scan 15 million Docker images, uncovering a staggering 100,000 valid secrets, including AWS, GCP, and GitHub tokens belonging to Fortune 500 companies. This emphasizes the critical need for improved security practices in containerized environments.

xAI Secret Leak: The Story of a Disclosure

xAI Secret Leak: The Story of a Disclosure

AI adoption accelerates secret sprawl as organizations connect to multiple providers. Our investigation of a leaked xAI API key, which granted access to unreleased Grok models, reveals critical flaws in their disclosure process, highlighting necessary improvements in this domain.

Q1 2025 Recap: GitGuardian Doubles Down on Secrets Security and Machine Identity Control

Q1 2025 Recap: GitGuardian Doubles Down on Secrets Security and Machine Identity Control

GitGuardian launches new NHI Governance, enhanced synergies with Secret Manager integrations, smarter context analysis, container registry scanning, historical scanning for Jira & Confluence, and more. Take control of your secrets security, and machine identities.

A Look Into the Secrets of MCP: The New Secret Leak Source

A Look Into the Secrets of MCP: The New Secret Leak Source

MCP rapidly enhances AI capabilities but introduces security challenges through its distributed architecture. Especially, the distributed nature of MCP requires a lot of NHIs and their secrets. Our research shows that MCP is a new source of leaks that already discloses real-world secrets.

Start your journey to secrets-free source code

And keep your secrets out of sight

arrow-down