Your Secrets Need a VDP, Not Just a Bug Bounty
Bug bounty programs are valuable—until they replace disclosure policies. Learn how unreasonable PoC demands or scope exclusions create security blind spots when it comes to leaked secrets.
MOST POPULAR
all tags
other
Exploiting Public APP_KEY Leaks to Achieve RCE in Hundreds of Laravel Applications
Laravel APP_KEY leaks enable RCE via deserialization attacks. Collaboration with Synacktiv scaled findings to 600 vulnerable applications using 260K exposed keys from GitHub. Analysis reveals 35% of exposures coincide with other critical secrets including database, cloud tokens, and API credentials.
Multicloud Security Architecture
Using multiple cloud service providers isn't all benefits, it has its challenges. Today, let's have a look at multicloud: What it is, what are the challenges, especially security challenges, and what are the best practices towards a secure multicloud architecture.
Agent-Based AI and the Machine Identity Revolution Are Reshaping Security
Is agentic AI the productivity revolution we've been waiting for, or a security nightmare in the making? With AI agents now outnumbering humans and secrets proliferating across enterprise systems, the answer isn't simple. Read our insights from SecDays {France} 2025.
When Infostealer Frontiers Meet Identity-Centric Defense: Lessons from BSides SATX 2025
From malware markets to IAM frameworks, BSides SATX 2025 showed why modern security must evolve from static protection to identity-centric, adaptive defense.
Operationalizing the OWASP AI Testing Guide with GitGuardian: Building Secure AI Foundations Through NHI Governance
Align your AI pipelines with OWASP AI Testing principles using GitGuardian’s identity-based insights to monitor, enforce, and audit secrets and token usage.
Real-World Attack Chains Involving NHIs: Lessons from SecDays France
Based on the talk “The Explosion of Machine Identities: Are You Aware of This Silent Threat?” at SecDays France 2025.
The Role of AI and Compliance in Modern Risk Management: ShowMeCon 2025
The speakers at ShowMeCon 2025 explored why policy isn't protection without validation. AI, identity, and threat detection must align to reduce operational risk.
GitGuardian Partners with GuidePoint Security to Strengthen Application Security Offerings
GitGuardian and GuidePoint Security have partnered to deliver enhanced secrets detection and non-human identity security solutions to North American customers, offering tools to combat secrets sprawl and mismanaged identities.
Securing Your Machine Identities Means Better Secrets Management
Machine identities make up the majority of the over 24 million secrets GitGuardian discovered in public in 2025. Let's look at how we got here and how we fix this.
Automated Guard Rails for Vibe Coding
Vibe coding might sound like a trendy term, but it's really just developing software without automated checks and quality gates. Traditional engineering disciplines have always relied on safety measures and quality controls, so vibe coding should be no different in my honest opinion.
Identiverse 2025: Trust, Delegation, and the Era of Continuous Identity
Identiverse 2025 exposed the urgent need for NHI governance. From AI agents to orphaned credentials, NHIs and their sprawling secrets are today’s most overlooked risks.
How GitGuardian and Akeyless Secure Machine Identities Across Environments
See how GitGuardian's deep discovery, combined with Akeyless's automation, delivers full secrets lifecycle control.
