CISA Admin Leaked AWS GovCloud Keys on Github

Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency CISA maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive...

TeamPCP Hijacks Bitwarden CLI, Uses Dependabot to Deploy Shai-Hulud Malware

GitGuardian uncovers TeamPCP attack on Bitwarden CLI, abusing GitHub Dependabot to spread Shai-Hulud and poison AI coding tools...

GitGuardian Reports an 81% Surge of AI-Service Leaks as 29M Secrets Hit Public GitHub

New York, NY, 17th March 2026, CyberNewswire...

900+ Certificates Used by Fortune 500, Governments Exposed by Key Leaks

A joint study by Google and GitGuardian reveals that over 2,600 valid TLS certificates, protecting Fortune 500 companies and government agencies, were compromised due to private key leaks on GitHub and DockerHub...

GitGuardian Raises $50M Series C to Address Non-Human Identities Crisis and AI Agent Security Gap

New York, NY, 11th February 2026, CyberNewswire...

GitGuardian Closes 2025 with Strong Enterprise Momentum, Protecting Millions of Developers Worldwide

New York, NY, 14th January 2026, CyberNewsWire...

GitGuardian Launches MCP Server to Bring Secrets Security into Developer Workflows

Paris, France, 15th July 2025, CyberNewsWire...

Explosive Growth of Non-Human Identities Creating Massive Security Blind Spots

GitGuardian's State of Secrets Sprawl report for 2025 reveals the alarming scale of secrets exposure in modern software environments. Driving this is the rapid growth of non-human identities NHIs, which have been outnumbering human users for years. We need to get ahead of it and prepare security...

Defending Your Commits From Known CVEs With GitGuardian SCA And Git Hooks

All developers want to create secure and dependable software. They should feel proud to release their code with the full confidence they did not introduce any weaknesses or anti-patterns into their applications. Unfortunately, developers are not writing their own code for the most part these days...

Python's PyPI Reveals Its Secrets

GitGuardian is famous for its annual State of Secrets Sprawl report. In their 2023 report, they found over 10 million exposed passwords, API keys, and other credentials exposed in public GitHub commits. The takeaways in their 2024 report did not just highlight 12.8 million new exposed secrets in...

Python's PyPI Reveals Its Secrets

GitGuardian is famous for its annual State of Secrets Sprawl report. In their 2023 report, they found over 10 million exposed passwords, API keys, and other credentials exposed in public GitHub commits. The takeaways in their 2024 report did not just highlight 12.8 million new exposed secrets in...

Three Tips to Protect Your Secrets from AI Accidents

Last year, the Open Worldwide Application Security Project OWASP published multiple versions of the "OWASP Top 10 For Large Language Models," reaching a 1.0 document in August and a 1.1 document in October. These documents not only demonstrate the rapidly evolving nature of Large Language Models,...

Tell Me Your Secrets Without Telling Me Your Secrets

The title of this article probably sounds like the caption to a meme. Instead, this is an actual problem GitGuardian's engineers had to solve in implementing the mechanisms for their new HasMySecretLeaked service. They wanted to help developers find out if their secrets passwords, API keys, priva...

The State of Secrets Sprawl: Podcast

Can I tell you a secret? Will you keep it between us? You’ve probably said this or heard this when it comes to friends and family. However, do you also know that secret keeping, or lack thereof is one of the biggest issues that businesses face? In the latest in our Threatpost Podcast Series, host...