💡
TL;DR: This quarter, GitGuardian evolved further from a discovery tool into a lifecycle management platform, one that finally matches the speed and sophistication of modern threats. The headline features: unified Public Monitoring integration, one-click secret revocation, enhanced graph intelligence, 12 new integrations, and 80+ detector updates. Together, we delivered what organizations have been asking for: end-to-end Non-Human Identity security that goes from discovery to automated remediation without the friction.

Breaking Down the Walls Between Internal and External

Here's something most organizations don't realize: their developers' personal GitHub repositories are part of their attack surface. A service account credential leaked on someone's side project is just as dangerous—often more dangerous—than one exposed internally. Until this quarter, Public Monitoring existed as a standalone product. Well, not anymore.

Public Monitoring is now fully integrated into the GitGuardian platform, creating unified visibility across Internal Monitoring, Public Monitoring, and NHI Governance. This isn't just a UI consolidation. It's a fundamental shift in how you understand where your secrets live and how they're exposed.

The unified experience delivers something powerful: cross-product intelligence. You can now see how publicly exposed secrets relate to internal incidents, vaulted secrets, infrastructure usage, and consumer applications—all in one view. No more piecing together scattered information across multiple tools. No more blind spots where developers' personal repos hide organizational secrets.

All incidents, regardless of source—internal repositories, collaboration tools, or public GitHub—now appear on a single dashboard with unified triage workflows, consistent severity scoring, and integrated remediation playbooks. Your team develops muscle memory for incident response that works everywhere, not just in one corner of your perimeter.

And because the integration is proactive, you can scan your defined public perimeter to identify exposed secrets before attackers find them. In a world where credential scanning bots are faster than most security teams, being proactive is important for survival.

This matters for CISOs who need complete attack surface visibility, security architects designing zero-trust strategies, compliance teams demonstrating comprehensive monitoring, and open-source program offices protecting company secrets in public projects.

Explore Public Monitoring documentation →

Closing the Attack Window

One-Click Secret Revocation

There's a statistic that keeps security professionals up at night: exposed AWS credentials are probed by attackers in under 17 minutes. Meanwhile, traditional remediation workflows create a ticket, notify the team, wait for someone to manually navigate to the provider platform, revoke the secret, and update the incident; the whole chain takes hours or days. This 60x to 100x gap between attack speed and response capability isn't just a problem. It's the reason 70% of secrets leaked in 2022 are still active today.

This quarter, GitGuardian closed that gap.

Security teams can now revoke exposed secrets directly from the incident detail view with a single click. No context switching. No hunting through provider dashboards. No delays. Just immediate threat neutralization.

"Sometimes you are building locally, early on a project, and leak your GitHub OAuth key—being able to immediately invalidate this on GitHub is a great relief."— Alpha customer

The workflow is elegantly simple. When GitGuardian detects a valid secret exposure, you assess the impact using NHI Governance context—which consumer applications use it, what resources it can access, and which workloads depend on it. Then you decide: immediate revocation or coordinated response? For non-production API keys, personal access tokens in public repos, or dev/staging secrets with minimal business impact, you click to revoke. Built-in safeguards prevent accidents, and every action is automatically logged for compliance.

For production keys with unknown dependencies, high-privilege service account credentials, or keys integrated across multiple systems, you coordinate. The point is: you now have the choice, and you can act at the speed of the threat.

The feature currently supports GitHub, GitLab, and OpenAI, with more providers joining the ecosystem as GitGuardian works with vendors to enable rapid, automated revocation across the secrets management landscape.

During alpha testing, 40% of users immediately adopted the feature upon receiving their first alert. That adoption rate tells you everything you need to know about how badly this capability was needed.

Learn more about one-click revocation →

Making Investigation Intuitive

When Your Graph Actually Tells the Story

Investigation workflows shouldn't require archaeology. Yet that's what many security teams were doing: switching between multiple pages, cross-referencing scattered data, and trying to piece together the full story of a secret exposure. It destroys momentum and increases the mean time to resolution.

Our Secrets exploration graph changes that equation entirely.

GitGuardian consolidated scattered incident data into one unified, context-rich graph interface. Severity levels, source information, occurrence data, and public leak indicators now appear together in a single view. Everything you need to understand an incident and make remediation decisions is right there, eliminating the context-switching tax that slowed investigations.

The real breakthrough came from integrating HasMySecretLeaked intelligence. The platform now categorizes three distinct types of public exposure: secrets in your monitored public sources, incidents in your public perimeter, and external GitHub locations discovered through the HasMySecretLeaked database. A new "Publicly Leaked" tag unifies what were previously scattered exposure indicators, giving you complete visibility into your organization's secret exposure landscape.

This matters particularly for Non-Human Identities because they're uniquely vulnerable to sprawl. NHIs get shared across teams, live longer than user credentials, get hardcoded "temporarily" and forgotten, and appear in multiple locations simultaneously. Understanding where your NHIs are exposed and correlating public and private incidents is essential for effective lifecycle management.

The enhanced graph transforms the investigation from a research project into an intuitive exploration. You see the story at a glance and can act with confidence.

See the graph enhancement changelog →

Expanding the Ecosystem

12 Integrations and a Framework That Changes Everything

This quarter, GitGuardian shipped 12 brand-new integrations. But the number isn't the story. The scalable framework behind them is.

The integrations themselves span your critical infrastructure: Okta, Auth0, and JFrog for security and identity; Datadog and New Relic for observability; Snowflake and Metabase for data and analytics; OpenAI, Anthropic, and Dust for AI and LLMs; N8N and Airbyte for workflow automation.

Each one matters because Non-Human Identities don't just live in code repositories and secrets managers. They're scattered across identity providers managing service accounts, monitoring platforms with embedded API keys, data warehouses accessed by automated jobs, AI platforms powering agentic workflows, and automation tools orchestrating integrations. Every integration expands your visibility, bringing previously hidden machine identities into your centralized inventory.

But here's what makes this quarter transformational: GitGuardian's engineering team built a solid, reusable system for rapidly adding future integrations. Instead of each integration being a custom, one-off project, there's now a platform foundation that makes every subsequent integration easier. Expect the integration catalog to grow exponentially in Q4 and beyond.

Rethinking How You Navigate NHI

Along with the 12 integrations came a paradigm shift in how you explore your NHI landscape.

GitGuardian launched an identity-first inventory view that fundamentally changes the navigation model. Instead of starting with sources—AWS, GitHub, Vault—and trying to piece together which identities exist, you now start with the identity itself and see everywhere it appears, all its associated secrets, and all the resources it can access.

This seemingly simple inversion solves real problems. You can discover identity sprawl across multiple systems, assess the blast radius of compromised identities, identify duplication of the same logical identity, track lifecycle from creation to decommissioning, and prioritize remediation by privilege and access.
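As an added illustration (not GitGuardian's code; field names and sample rows are constructed), here is the inversion described above together with the revoke-or-coordinate rule from the revocation section, in Python: source-centric observations are regrouped per identity to expose sprawl, duplicate secrets and blast radius, and that context then drives the triage decision.

```python
from collections import defaultdict

# Constructed sample data in the source-centric shape a scanner produces:
# one row per place a secret was observed. All names and values are made up.
OBSERVATIONS = [
    {"source": "github:acme/api", "identity": "svc-billing", "secret": "k1",
     "env": "prod", "privilege": "admin", "resources": ["rds:billing", "s3:invoices"]},
    {"source": "vault:kv/billing", "identity": "svc-billing", "secret": "k1",
     "env": "prod", "privilege": "admin", "resources": ["rds:billing", "s3:invoices"]},
    {"source": "datadog:monitors", "identity": "svc-billing", "secret": "k2",
     "env": "prod", "privilege": "admin", "resources": ["rds:billing"]},
    {"source": "github:jdoe/side-project", "identity": "ci-preview", "secret": "k3",
     "env": "staging", "privilege": "read", "resources": ["s3:preview-assets"]},
]


def identity_first(observations):
    """Invert source-centric rows into one record per identity."""
    acc = defaultdict(lambda: defaultdict(set))
    for o in observations:
        rec = acc[o["identity"]]
        rec["sources"].add(o["source"])
        rec["secrets"].add(o["secret"])
        rec["resources"].update(o["resources"])
        rec["privilege"].add(o["privilege"])
        rec["envs"].add(o["env"])
    inventory = {}
    for ident, rec in acc.items():
        inventory[ident] = {
            "sources": sorted(rec["sources"]),
            "secrets": sorted(rec["secrets"]),
            "blast_radius": len(rec["resources"]),      # distinct resources reachable
            "sprawl": len(rec["sources"]) > 1,          # same identity in several systems
            "duplicate_secrets": len(rec["secrets"]) > 1,  # one logical identity, many keys
            "high_privilege": "admin" in rec["privilege"],
            "production": "prod" in rec["envs"],
        }
    return inventory


def prioritize(inventory):
    """Order identities for remediation by privilege, then by blast radius."""
    return sorted(inventory, reverse=True,
                  key=lambda i: (inventory[i]["high_privilege"], inventory[i]["blast_radius"]))


def revocation_decision(record):
    """Triage rule from the post: production, high-privilege or multi-system
    secrets need a coordinated response; low-impact non-production ones can be revoked at once."""
    if record["production"] or record["high_privilege"] or record["sprawl"]:
        return "coordinate"
    return "revoke"
```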

OWASP's NHI Top 10 risks include "Inadequate NHI Visibility" and "Lack of NHI Lifecycle Management." An identity-first inventory directly addresses both by making the identity and its secret the primary unit of analysis.

Explore the identity-first inventory →

Staying Ahead of the Credential Arms Race

While the platform integrations expanded horizontally, GitGuardian's detection engine evolved vertically. The team added 30+ new detectors and updated 50+ existing ones across AI platforms like Mistral AI, Anthropic, and Perplexity; cloud services, including Artifactory and expanded GitLab coverage; Kubernetes; and development tools like Buildkite.

This continuous evolution matters because the secrets detection landscape never stands still. New services launch with new credential formats. Existing providers update authentication patterns. Attack techniques evolve to exploit new vectors. GitGuardian's commitment is to staying one step ahead, catching emerging credential types before they become widespread attack vectors.

If you haven't re-scanned your repositories and other sources lately, now's the time. Those 80+ detector updates could surface exposures you didn't know existed.

View detector releases → | Browse 500+ detectors →

What's Next

The Q4 roadmap continues the momentum with three focus areas:

Expanded remediation automation will bring automated code fix generation with PR suggestions, advanced remediation playbooks for complex scenarios, and deeper vault integration workflows for automated rotation. The goal: make fixing exposed secrets as automatic as detecting them.

Deeper integrations mean additional secrets manager support beyond the current HashiCorp, AWS, Azure, Google, Delinea, and Akeyless coverage; comprehensive multi-cloud NHI discovery; and CI/CD pipeline integration that prevents secrets from entering pipelines in the first place.

Intelligence and analytics will deliver enhanced reporting with compliance framework mapping, predictive analytics that identify at-risk NHIs before exposure, and threat intelligence that correlates exposed secrets with known attack campaigns.

We're not slowing down.

Get Started

Ready to see these capabilities in action? Book a personalized demo → or try our interactive demo → to explore the platform yourself.