GitGuardian

@gitguardian.com

GitGuardian leads the way in Non-Human Identity security, offering end-to-end solutions. Website: gitguardian.com Blog: blog.gitguardian.com Free GH audit: s.gitguardian.com/free-audit

203 Followers · 124 Following · 70 Posts · Joined 14.09.2023

Latest posts by GitGuardian @gitguardian.com

New Episode • Built Fast, Broken Faster: MCP & AI App Security—with GitGuardian’s Gaetan Ferry
https://trustory.fm/cybersentries/built-fast-broken-faster-mcp-ai-app-security-with-gitguardians-gaetan-ferry/

04.03.2026 10:02 👍 0 🔁 1 💬 0 📌 0
AI Is Making Security More Agile: Highlights from ChiBrrCon 2026 ChiBrrCon 2026 tackled AI, resilience, and operational agility in enterprise security. Learn what top speakers shared on SOC modernization and architectural risk.

90B events/day and we’re still manually doing L1 triage?
That’s not resilience, that’s ✨tradition✨.

#ChiBrrCon 2026 takeaway: automate the repetitive, keep humans for judgment, and build real inventories.

#AppSec #AI

blog.gitguardian.com/chibrrcon-20...

17.02.2026 15:00 👍 1 🔁 0 💬 0 📌 0
Why prevention-first secrets security will define enterprise scale: Learnings from a leading telecom - Help Net Security GitGuardian enables prevention-first security by stopping secrets before Git commits, reducing leaks and helping teams scale safer.

Why prevention-first secrets security will define enterprise scale: Learnings from a leading telecom

📖 Read more: www.helpnetsecurity.com/2026/01/28/g...

#cybersecurity #cybersecuritynews #telecommunications #remediation @gitguardian.com

28.01.2026 11:42 👍 1 🔁 1 💬 0 📌 0
GitGuardian Security Your Secrets with ggshield

Cheat Sheet Alert! "How To Use ggshield To Avoid Hardcoded Secrets" by Dwayne McDaniel from @gitguardian.com December 10, 2025. GitGuardian's ggshield can help you quickly find any secrets in your repos, local files, archives, and commits.
cybersec.gitguardian.com/s/how-to-use...

28.01.2026 16:15 👍 5 🔁 4 💬 0 📌 0
Agentic AI and Non‑Human Identities Demand a Paradigm Shift In Security: Lessons from NHIcon 2026 In the race to innovate, software has repeatedly reinvented how we define identity, trust, and access. In the 1990's, the web made every server a perimeter. In the 2010's, the cloud made every identit...

🤖 Agents don’t log in. They act.
At #NHIcon 2026 the message was clear: human-centric IAM breaks in the age of agentic AI.
Static roles + long-lived creds = 🚨 risk amplification.
Time for identity at the speed of autonomy. 🔐
blog.gitguardian.com/nhicon-2026

30.01.2026 16:05 👍 2 🔁 0 💬 0 📌 0
Boards Focus On Risk, Resilience, and Operational Realities: Where NHI Governance Fits In Learn how GitGuardian helps boards and CISOs align on cyber risk, operational resilience, and the rising impact of unmanaged workload identities at scale.

Secrets sprawl ≠ developer mistakes.
It’s unmanaged machine access at scale.
Boards care about downtime, cost, and resilience, and NHIs sit right in the middle.
Here’s how to connect the dots 👇

blog.gitguardian.com/boards-focus...

22.01.2026 15:06 👍 0 🔁 0 💬 0 📌 0
What AI Agents Can Teach Us About NHI Governance Agentic AI is a stress test for non-human identity governance. Discover how and why identity, trust, and access control must evolve to keep automation safe.

AI agents aren’t your coworkers.
They’re over-permissioned bots with access to prod. Stop pretending they’re cute. Start treating them like risks.
🛑
NHI governance now!

blog.gitguardian.com/what-ai-agen...

12.01.2026 14:49 👍 0 🔁 0 💬 0 📌 0
NHIcon 2026 by Aembit | Jan. 27 Agentic software is moving fast. NHIcon 2026 is a one-day virtual experience for platform and security pros tackling AI and non-human identity challenges.

AI agents are already causing incidents, and identity controls aren’t ready.

Jan 27: Join GitGuardian at #NHIcon2026.

Talk: “How Agentic AI Helps You Leak Secrets (and What to Do About It)” (1 PM PST, Builders Track) w/ @mdwayne-real.bsky.social

Free registration here: aembit.io/nhicon?aff=G...

07.01.2026 17:14 👍 0 🔁 0 💬 0 📌 0
OWASP London Chapter Meetup [IN-PERSON], Wed, Jan 21, 2026, 6:00 PM | Meetup **This event is kindly sponsored by Nuaware.** **Raffle prizes are kindly sponsored by GitGuardian and Docker.** **There is limited seating available for in-person attende

The next OWASP London Chapter in-person Meetup will take place on January 21st, 2026, kindly sponsored by @nuaware_tech with raffle prizes kindly sponsored by @GitGuardian and @Docker

Register to attend this event here:
👇

07.01.2026 12:37 👍 1 🔁 2 💬 0 📌 0

@andy-rea-levantar.bsky.social

19.12.2025 15:18 👍 0 🔁 0 💬 0 📌 0
Andy Rea built a demo showing how to wire up multiple AI agents using Google's Agent Development Kit (ADK) and the #A2A protocol, with GitGuardian scanning content for secrets.
blog.gitguardian.com/building-a-m...

The complete code is available at: github.com/reaandrew/a2...

19.12.2025 09:29 👍 1 🔁 0 💬 1 📌 0
Getting To AWS IAM Outbound Identity Federation With GitGuardian Secure all your non-human identities across providers and without secrets. Explore how AWS and GitGuardian can help organizations migrate to short-lived tokens.

🚀 The future of secure non‑human identity is here!

AWS IAM Outbound Identity Federation eliminates long‑term creds in favor of short‑lived tokens.

GitGuardian can help you track the migration in real time.

blog.gitguardian.com/aws-iam-outb...

#DevSecOps #AppSec

17.12.2025 15:21 👍 0 🔁 0 💬 0 📌 0
From Detection to Defense: How Push-to-Vault Supercharges Secrets Management for DevSecOps Secrets don’t belong in plaintext. GitGuardian's Push-to-Vault automates vaulting exposed secrets, helping security teams scale governance and reduce incident fatigue.

Secrets leaked? Don’t panic—push to vault! 🧯
GitGuardian's Push-to-Vault turns “uh-oh” into “handled” by sending secrets straight into your existing Secret Manager.
No more tab juggling.
blog.gitguardian.com/push-to-vault/

05.12.2025 15:41 👍 0 🔁 0 💬 0 📌 0
Lessons in Testing, Performance, and Legacy Systems from /dev/mtl 2025 Montreal's recent community event revealed how feature flags, observability, and lifecycle discipline help teams manage complexity without compromising security or stability.

🔄 Feature flags, legacy systems, and N+1 queries walk into a dev conf... /dev/mtl 2025 reminds us: it’s not about speed, it’s about smart feedback loops.
#DevSecOps
blog.gitguardian.com/dev-mtl-2025/

03.12.2025 16:34 👍 1 🔁 0 💬 0 📌 0
🚨 #Shai_Hulud technical analysis is live
We've completed our forensic analysis of the Nov 24 supply chain attack. 754 infected npm packages, 20,649 analyzed repositories, 33,185 unique secrets (3,760 valid).
blog.gitguardian.com/shai-hulud-2/

28.11.2025 12:18 👍 0 🔁 0 💬 0 📌 0
OWASP Top 10 2025 Updates: Supply Chain, Secrets, And Misconfigurations Take Center Stage Discover what’s changed in the OWASP 2025 Top 10 and how GitGuardian helps you mitigate risks like broken access control and software supply chain failures.

🔐 The 2025 #OWASP Top 10 2025 says it loud:
access control still #1, but now supply chains & mis‑configs steal the spotlight.
Ready your CI/CD, stacks & cloud.

blog.gitguardian.com/owasp-top-10...

#AppSec #DevSecOps

24.11.2025 15:10 👍 1 🔁 0 💬 0 📌 0
Workload And Agentic Identity at Scale: Insights From CyberArk's Workload Identity Day Zero On the eve of KubeCon 2025, experts from companies like Uber, AWS, and Block shared how SPIRE and workload identity fabrics reduce risk in complex, cloud-native systems.

🔐 From “API keys in Git” to “agentic AI with scoped identities” — the next frontier of security is non‑human actors with strong attestation. #DevSecOps #CloudNative #CyberArk #SPIFFE
#KubeCon

blog.gitguardian.com/workload-ide...

21.11.2025 15:19 👍 0 🔁 0 💬 0 📌 0
Trust Beyond Containers: Identity and Agent Security Lessons from KubeCon 2025 From secure service mesh rollouts to AI cluster hardening, see how KubeCon + CloudNativeCon NA 2025 redefined identity, trust, and governance in Kubernetes environments.

“Containers were the on‑ramp, not the destination.” At #KubeCon 2025 identity, governance & agent security stole the show. Microservices + AI = new risk surface.
Read more: blog.gitguardian.com/kubecon-2025

20.11.2025 15:27 👍 1 🔁 1 💬 0 📌 0
BSides Chicago 2025: Operationalizing Identity Risk In Cloud-Native Environments Highlights from BSides Chicago 2025, where we explored cloud-native identity risks, from service principal abuse to Kubernetes misconfigs and control-plane compromise tactics.

🚨 Identity is the new perimeter. At #BSidesChicago 2025 we saw attackers moving through the cloud control‑plane like it’s tourist season — service principals & Kubernetes misconfigs are their playground. 🍿 Dive deeper:
blog.gitguardian.com/bsides-chica...

#DevSecOps #AppSec

06.11.2025 15:33 👍 0 🔁 0 💬 0 📌 0
Identity Architecture Now Drives Cyber Risk: Techno Security & Digital Forensics Conference West 2025 Identity, classification, and cloud persistence risks took center stage at Techno Security West 2025. Learn what cybersecurity leaders are prioritizing now.

At #TechnoSecurity West 2025, identity = perimeter.
If your IAM is a maze, attackers have already found the exit.
🧩🔐
blog.gitguardian.com/techno-secur...

04.11.2025 15:28 👍 0 🔁 0 💬 0 📌 0
Human admins aren’t the only VIPs; service accounts and automation scripts need the spotlight too.

👀

Read how GitGuardian helps you widen the scope of PAM and kill secret sprawl for good.

blog.gitguardian.com/working-towa...

#AppSec #SecOps

31.10.2025 16:09 👍 0 🔁 0 💬 0 📌 0
INCYBER Forum Canada 2025: Collaboration Wins Over Compliance At INCYBER Forum Canada 2025, leaders from across sectors explored AI, supply-chain risk, and culture-driven defense, stressing that true resilience is built together.

🚀 At #INCYBERCanada 2025 in Montréal we heard loud & clear: compliance doesn’t cut it anymore—collaboration is the new security foundation. 🌐 Let’s govern machine identities, secure our global supply‑chains, and build resilience together.

blog.gitguardian.com/incyber-foru...

21.10.2025 14:11 👍 0 🔁 0 💬 0 📌 0
Rethinking Security Resilience And Getting Back To Basics At CornCon 11 CornCon 11 emphasized security basics, real-world risk alignment, and sustainable practices to help teams build resilient programs in today’s complex threat landscape.

Back to security basics at CornCon 11: Why resilience beats perfection

The big takeaway:
Embrace sustainable security programmes – don’t chase zero‑risk illusions, build something you can maintain.

Read more: blog.gitguardian.com/corncon-11/

21.10.2025 13:21 👍 1 🔁 0 💬 0 📌 0
Security Lessons For All From GitHub's Hardened Package Publication For npm GitHub is hardening npm publishing rules but the underlying lessons can be applied by all developers: WebAuthn for writes, OIDC, and short-lived least-privilege credentials.

GitHub is doubling down: requiring WebAuthn, OIDC, and ultra-short tokens to harden npm publishing. These aren’t just npm rules — they’re lessons for all devs. 🔐

blog.gitguardian.com/security-les...

#DevSecOps #SupplyChainSecurity

03.10.2025 16:26 👍 0 🔁 0 💬 0 📌 0
Who Governs Your NHIs? The Challenge of Defining Ownership in Modern Enterprise IT Learn how to shift the conversation from "who’s to blame" to "who has context" in managing non-human identities across modern enterprise IT infrastructure.

Who owns your API keys?
Spoiler: probably not the person you think

😅 Stop playing hot potato with NHIs—focus on context, not blame.
👉 blog.gitguardian.com/defining-nhi...

#OWASP #NHIs #MachineIdentities

19.09.2025 14:07 👍 0 🔁 0 💬 0 📌 0
BlueTeamCon 2025: Finding new approaches to security that don’t let perfect stand in the way of better BlueTeamCon 2025 showed why progress beats perfection in cybersecurity. Explore highlights on visibility, AI safety, collaboration, identity, and pragmatic defense.

BlueTeamCon 2025 taught us: perfection’s overrated; logs, pragmatic AI, and identity tweaks win. Who knew fixing cybersecurity could feel like adulting?
🕵️‍♂️🔍

Check it out: blog.gitguardian.com/blueteamcon-...

10.09.2025 15:08 👍 0 🔁 0 💬 0 📌 0
The GhostAction Campaign: 3,325 Secrets Stolen Through Compromised GitHub Workflows On September 5, 2025, GitGuardian discovered GhostAction, a massive supply chain attack affecting 327 GitHub users across 817 repositories. Attackers injected malicious workflows that *exfiltrated 3,3...

🚨 BREAKING: GitGuardian Uncovers Massive Supply Chain Attack
We've discovered a coordinated campaign we called "GhostAction", that compromised 817 #GitHub repositories across 327 users, stealing 3,325 secrets through malicious CI/CD workflows.
blog.gitguardian.com/ghostaction-...

05.09.2025 15:37 👍 2 🔁 1 💬 0 📌 0
Why the Principle of Least Privilege Is Critical for Non-Human Identities Overprivileged non-human identities expose enterprises to massive risk. Enforcing least privilege with automation and visibility is critical for security.

Overprivileged bots are the new insider threat 🤖💣

Most API tokens still have full access.
Why?

Because to many teams, breaking prod > breaking security.

Time to rethink privilege and NHI governance.

Full post 👉
blog.gitguardian.com/principle-of...

04.09.2025 14:15 👍 0 🔁 0 💬 0 📌 0
Following the recent breach, we've just published the complete playbook: how to build a #Salesforce secrets scanning pipeline using Salesforce CLI + GitGuardian's detection engine.
Read our emergency response guide: lnkd.in/e78Jm586

03.09.2025 15:06 👍 0 🔁 0 💬 0 📌 0
Investigating The Nx "s1ngularity" Attack: What GitGuardian Uncovered And How You Can Stay Safe YouTube video by GitGuardian

Heads up Nx users, your credentials might have been leaked.

Hear from GitGuardian's Cybersecurity Researcher on what he discovered when he dug into the recent Nx "s1ngularity" attack, affecting thousands of users.

youtu.be/t3RSKws0en4

#Nx #s1ngularity #DevSecOps #SupplyChainAttack

28.08.2025 18:38 👍 1 🔁 0 💬 0 📌 0