San Francisco Secure Software and AppSec Summit 2026: The Next AppSec Operating Model

Security leaders at this SF area Summit examined AI agent risk, dependency governance, stale infrastructure, and the future of secure software.

EDITOR’S PICK

The State of Secrets Sprawl 2026: AI-Service Leaks Surge 81% and 29M Secrets Hit Public GitHub

Guillaume Valadon

5 Mar 2026 – 5 min read

all tags

Conferences

INCYBER Forum Canada 2025: Collaboration Wins Over Compliance

At INCYBER Forum Canada 2025, leaders from across sectors explored AI, supply-chain risk, and culture-driven defense, stressing that true resilience is built together.

Dwayne McDaniel

21 Oct 2025 – 7 min read

Secrets detection

Building Chromegg: A Chrome Extension for Real-Time Secret Detection

Ever accidentally pasted an API key into a web form? Chromegg is our new Chrome extension that scans form fields in real-time, alerting you BEFORE you submit secrets. Open-source & ready to use!

Andy Rea

20 Oct 2025 – 5 min read

Artificial Intelligence

OAuth for MCP - Emerging Enterprise Patterns for Agent Authorization

Why agents break the old model and require rethinking traditional OAuth patterns.

Rethinking Security Resilience And Getting Back To Basics At CornCon 11

CornCon 11 emphasized security basics, real-world risk alignment, and sustainable practices to help teams build resilient programs in today’s complex threat landscape.

SREday SF 2025: Human Centered SRE In An AI World

SRE Day SF shows why dashboards alone do not defend anything. Explore paths to better telemetry, progressive delivery, and resilience that customers can feel.

Dwayne McDaniel

13 Oct 2025 – 7 min read

Security Research

How Cybercriminal Organizations Weaponize Exposed Secrets

The threat GitGuardian has long-anticipated is now a reality: criminal groups are executing systematic attacks targeting hardcoded credentials and over-permissive IAM configurations. The situation escalated when Shiny Hunters and Crimson Collective formed an alliance to coordinate efforts.

Guillaume Valadon

10 Oct 2025 – 3 min read

Secrets Management

Terraform Secrets Management Best Practices: Secret Managers and Ephemeral Resources

In this blog, we will explore Terraform secrets management best practices, ephemeral resources, and some examples of securely orchestrating AWS infrastructure with AWS Secrets Manager.

Tiexin Guo

9 Oct 2025 – 10 min read

Conferences

DevOps Days Philadelphia 2025: Security As A Control Loop, Resilience, Runtime Risks, And How AI Is Changing It

DevOpsDays Philadelphia 2025 showed how AI governance, secrets security, runtime traces, and ablative resilience work together to reduce operational risk.

Dwayne McDaniel

6 Oct 2025 – 6 min read

Breach explained

Red Hat GitLab Data Breach: The Crimson Collective's Attack

This breach exposed 570GB of data from 28,000 repositories, affecting 800+ organizations. Crimson Collective leaked Customer Engagement Reports containing credentials, API keys, and infrastructure details from major enterprises.

Guillaume Valadon

3 Oct 2025 – 9 min read

Best practices

Security Lessons For All From GitHub's Hardened Package Publication For npm

GitHub is hardening npm publishing rules but the underlying lessons can be applied by all developers: WebAuthn for writes, OIDC, and short-lived least-privilege credentials.

Dwayne McDaniel

2 Oct 2025 – 6 min read

DevSecOps

How to Handle Secrets in CI/CD Pipelines

Securely managing secrets within the CI/CD environment is super important. Mishandling secrets can expose sensitive information, potentially leading to unauthorized access, data breaches, and compromised systems.

Tiexin Guo

29 Sep 2025 – 14 min read

Non-Human Identity

How to Use NHI Governance as Your Central Dashboard to Monitor AWS IAM

Let's have a look at how to integrate NHI Governance with AWS IAM to get detailed security insights into your dashboard.

Tiexin Guo

29 Sep 2025 – 6 min read

San Francisco Secure Software and AppSec Summit 2026: The Next AppSec Operating Model

Dwayne McDaniel

MOST POPULAR

The Bot Left a Fingerprint: Detecting and Attributing LLM-Generated Passwords

Gaetan Ferry

No Off Season: Three Supply Chain Campaigns Hit npm, PyPI, and Docker Hub in 48 Hours

Guillaume Valadon

EDITOR’S PICK

The State of Secrets Sprawl 2026: AI-Service Leaks Surge 81% and 29M Secrets Hit Public GitHub

Anna Nabiullina

2,622 Valid Certificates Exposed: A Google-GitGuardian Study Maps Private Key Leaks to Real-World Risk

Guillaume Valadon

INCYBER Forum Canada 2025: Collaboration Wins Over Compliance

Dwayne McDaniel

Building Chromegg: A Chrome Extension for Real-Time Secret Detection

Andy Rea

OAuth for MCP - Emerging Enterprise Patterns for Agent Authorization

Thomas Segura

Rethinking Security Resilience And Getting Back To Basics At CornCon 11

Dwayne McDaniel

SREday SF 2025: Human Centered SRE In An AI World

Dwayne McDaniel

How Cybercriminal Organizations Weaponize Exposed Secrets

Guillaume Valadon

Terraform Secrets Management Best Practices: Secret Managers and Ephemeral Resources

Tiexin Guo

DevOps Days Philadelphia 2025: Security As A Control Loop, Resilience, Runtime Risks, And How AI Is Changing It

Dwayne McDaniel

Red Hat GitLab Data Breach: The Crimson Collective's Attack

Guillaume Valadon

Security Lessons For All From GitHub's Hardened Package Publication For npm

Dwayne McDaniel

How to Handle Secrets in CI/CD Pipelines

Tiexin Guo

How to Use NHI Governance as Your Central Dashboard to Monitor AWS IAM

Tiexin Guo

Start your journey to secrets-free source code