A Mini Shai-Hulud Targeting the SAP Ecosystem
SAP Node.js packages compromised with self-propagating malware. 971 repos created using 7 stolen GitHub tokens. Attack ongoing—GitGuardian analysis inside.
GitGuardian’s 5th State of Secrets Sprawl report is here. In this blog, we unpack the key findings behind the 2026 edition, from AI-driven leak growth to the remediation gaps security teams can’t ignore.
When an NHI is compromised, who do you call? GitGuardian NHI ownership eliminates the guessing game with automatic accountability.
Non-human identities outnumber humans 10:1 in cloud-native orgs. Top risks: unmanaged lifecycles, overprivileged access, and exposed credentials. The best NHI security tools in 2026 span secrets detection, lifecycle governance, machine identity management, and vault extensions for layered coverage.
Read the takeaways from ConFoo 2026, including putting guardrails where requests happen, auditing tool calls, and treating dependency updates like production access.
GitGuardian partnered with Google to answer: what happens when private keys leak? Using Certificate Transparency, we mapped about 1M leaked keys to 140k certificates. Result: 2,622 were valid as of September 2025, exposing major organizations. Our disclosure campaign achieved 97% remediation.
Secrets don’t just leak from Git. They accumulate in filesystems, env vars, and agent memory. See how to find them, stop the bleed, and protect your whole supply chain.
Anthropic's Claude Code Security launch sent shockwaves through cybersecurity markets. As GitGuardian's CEO, here's why I believe the real battle has shifted from code vulnerabilities to identity and secrets management in the AI era.
In this article, we will explore the hot topic of securing AI-generated code and demonstrate a technical approach to shifting security left for cloud AI agents by using Model Context Protocol (MCP) tools.
Vault sprawl means duplicated secrets, fragmented access, and unclear ownership. Learn how GitGuardian's NHI Governance restores control across the enterprise.
Let's take a closer look at the fragmented NHI inventory from a site reliability engineer's perspective.
ChiBrrCon 2026 tackled AI, resilience, and operational agility in enterprise security. Learn what top speakers shared on SOC modernization and architectural risk.
Today we're announcing our $50 million Series C, led by Insight Partners with participation from Quadrille Capital and our existing investors. But this isn't a story about funding.