GitGuardian
@gitguardian.com
GitGuardian leads the way in Non-Human Identity security, offering end-to-end solutions.
Website: gitguardian.com
Blog: blog.gitguardian.com
Free GH audit: s.gitguardian.com/free-audit
🚨 Identity is the new perimeter. At #BSidesChicago 2025 we saw attackers moving through the cloud control‑plane like it’s tourist season — service principals & Kubernetes misconfigs are their playground. 🍿 Dive deeper:
blog.gitguardian.com/bsides-chica...
#DevSecOps #AppSec
BSides Chicago 2025: Operationalizing Identity Risk In Cloud-Native Environments
Highlights from BSides Chicago 2025, where we explored cloud-native identity risks, from service principal abuse to Kubernetes misconfigs and control-plane compromise tactics.
blog.gitguardian.com
November 6, 2025 at 3:33 PM
At #TechnoSecurity West 2025, identity = perimeter.
If your IAM is a maze, attackers have already found the exit.
🧩🔐
blog.gitguardian.com/techno-secur...
Identity Architecture Now Drives Cyber Risk: Techno Security & Digital Forensics Conference West 2025
Identity, classification, and cloud persistence risks took center stage at Techno Security West 2025. Learn what cybersecurity leaders are prioritizing now.
blog.gitguardian.com
November 4, 2025 at 3:28 PM
Human admins aren’t the only VIPs; service accounts and automation scripts need the spotlight too.
👀
Read how GitGuardian helps you widen the scope of PAM and kill secret sprawl for good.
blog.gitguardian.com/working-towa...
#AppSec #SecOps
October 31, 2025 at 4:09 PM
🚀 At #INCYBERCanada 2025 in Montréal we heard loud & clear: compliance doesn’t cut it anymore—collaboration is the new security foundation. 🌐 Let’s govern machine identities, secure our global supply‑chains, and build resilience together.
blog.gitguardian.com/incyber-foru...
INCYBER Forum Canada 2025: Collaboration Wins Over Compliance
At INCYBER Forum Canada 2025, leaders from across sectors explored AI, supply-chain risk, and culture-driven defense, stressing that true resilience is built together.
blog.gitguardian.com
October 21, 2025 at 2:11 PM
Back to security basics at CornCon 11: Why resilience beats perfection
The big takeaway:
Embrace sustainable security programmes – don’t chase zero‑risk illusions, build something you can maintain.
Read more: blog.gitguardian.com/corncon-11/
Rethinking Security Resilience And Getting Back To Basics At CornCon 11
CornCon 11 emphasized security basics, real-world risk alignment, and sustainable practices to help teams build resilient programs in today’s complex threat landscape.
blog.gitguardian.com
October 21, 2025 at 1:21 PM
GitHub is doubling down: requiring WebAuthn, OIDC, and ultra-short tokens to harden npm publishing. These aren’t just npm rules — they’re lessons for all devs. 🔐
blog.gitguardian.com/security-les...
#DevSecOps #SupplyChainSecurity
Security Lessons For All From GitHub's Hardened Package Publication For npm
GitHub is hardening npm publishing rules but the underlying lessons can be applied by all developers: WebAuthn for writes, OIDC, and short-lived least-privilege credentials.
blog.gitguardian.com
October 3, 2025 at 4:26 PM
Who owns your API keys?
Spoiler: probably not the person you think
😅 Stop playing hot potato with NHIs—focus on context, not blame.
👉 blog.gitguardian.com/defining-nhi...
#OWASP #NHIs #MachineIdentities
Who Governs Your NHIs? The Challenge of Defining Ownership in Modern Enterprise IT
Learn how to shift the conversation from "who’s to blame" to "who has context" in managing non-human identities across modern enterprise IT infrastructure.
blog.gitguardian.com
September 19, 2025 at 2:08 PM
BlueTeamCon 2025 taught us: perfection’s overrated; logs, pragmatic AI, and identity tweaks win. Who knew fixing cybersecurity could feel like adulting?
🕵️♂️🔍
Check it out: blog.gitguardian.com/blueteamcon-...
BlueTeamCon 2025: Finding new approaches to security that don’t let perfect stand in the way of better
BlueTeamCon 2025 showed why progress beats perfection in cybersecurity. Explore highlights on visibility, AI safety, collaboration, identity, and pragmatic defense.
blog.gitguardian.com
September 10, 2025 at 3:08 PM
🚨 𝗕𝗥𝗘𝗔𝗞𝗜𝗡𝗚: 𝗚𝗶𝘁𝗚𝘂𝗮𝗿𝗱𝗶𝗮𝗻 𝗨𝗻𝗰𝗼𝘃𝗲𝗿𝘀 𝗠𝗮𝘀𝘀𝗶𝘃𝗲 𝗦𝘂𝗽𝗽𝗹𝘆 𝗖𝗵𝗮𝗶𝗻 𝗔𝘁𝘁𝗮𝗰𝗸
We've discovered a coordinated campaign we called "GhostAction", that compromised 817 #GitHub repositories across 327 users, 𝘀𝘁𝗲𝗮𝗹𝗶𝗻𝗴 𝟯,𝟯𝟮𝟱 𝘀𝗲𝗰𝗿𝗲𝘁𝘀 through malicious CI/CD workflows.
blog.gitguardian.com/ghostaction-...
The GhostAction Campaign: 3,325 Secrets Stolen Through Compromised GitHub Workflows
On September 5, 2025, GitGuardian discovered GhostAction, a massive supply chain attack affecting 327 GitHub users across 817 repositories. Attackers injected malicious workflows that exfiltrated 3,3...
blog.gitguardian.com
September 5, 2025 at 3:37 PM
Overprivileged bots are the new insider threat 🤖💣
Most API tokens still have full access.
Why?
Because to many teams, breaking prod > breaking security.
Time to rethink privilege and NHI governance.
Full post 👉
blog.gitguardian.com/principle-of...
Why the Principle of Least Privilege Is Critical for Non-Human Identities
Overprivileged non-human identities expose enterprises to massive risk. Enforcing least privilege with automation and visibility is critical for security.
blog.gitguardian.com
September 4, 2025 at 2:15 PM
Following the recent breach, we've just published the complete playbook: how to build a #Salesforce secrets scanning pipeline using Salesforce CLI + GitGuardian's detection engine.
Read our emergency response guide: lnkd.in/e78Jm586
September 3, 2025 at 3:06 PM
Heads up Nx users, your credentials might have been leaked.
Hear from GitGuardian's Cybersecurity Researcher on what he discovered when he dug into the recent Nx "s1ngularity" attack, affecting thousands of users.
youtu.be/t3RSKws0en4
#Nx #s1ngularity #DevSecOps #SupplyChainAttack
Investigating The Nx "s1ngularity" Attack: What GitGuardian Uncovered And How You Can Stay Safe
YouTube video by GitGuardian
youtu.be
August 28, 2025 at 6:38 PM
𝗤𝟮 𝟮𝟬𝟮𝟱 𝗣𝗿𝗼𝗱𝘂𝗰𝘁 𝗥𝗲𝗰𝗮𝗽: 𝗚𝗶𝘁𝗚𝘂𝗮𝗿𝗱𝗶𝗮𝗻 𝗦𝗵𝗮𝗿𝗽𝗲𝗻𝘀 𝘁𝗵𝗲 𝗘𝗱𝗴𝗲 𝗼𝗻 #𝗦𝗲𝗰𝗿𝗲𝘁𝘀 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 & 𝗔𝗴𝗲𝗻𝘁𝗶𝗰 𝗔𝗜 𝗣𝗿𝗼𝘁𝗲𝗰𝘁𝗶𝗼𝗻!
Explore our advancements in secrets security across code, collaboration tools, and public repos. Dive into new Agentic #AI protection, #NHI lifecycle automation.
blog.gitguardian.com/q2-2025-reca...
July 28, 2025 at 9:20 AM
Learn how Snowflake saved 10 hours per day for DevOps teams who were previously drowning in secret rotation hell, and remediated 50% of discovered secrets already. Insights from #SecDays {Virtual}
blog.gitguardian.com/from-secrets...
From Secrets Sprawl to Secretless: Snowflake's Journey through NHI Lifecycle Management
Learn how Snowflake is tackling NHIs, from secrets sprawl to a secretless architecture using GitGuardian for detection and Aembit for prevention.
blog.gitguardian.com
July 25, 2025 at 7:45 AM
🚀 Introducing our #MCP Server!
Your #AI agents can now handle secrets security directly in your workflow:
• "Scan this code for leaked secrets"
• "Remediate all my project incidents"
• "Generate AWS honeytoken"
500+ secret types detected. Zero context switching.
Code: github.com/GitGuardian/gg-mcp
July 16, 2025 at 4:02 PM
🎭 Don’t let your CI bots do the tango with secrets—OWASP’s AI Testing Guide + GitGuardian’s NHI secret-police = least privilege enforcement in every pipeline! 🛡️
blog.gitguardian.com/owasp-ai-tes...
Operationalizing the OWASP AI Testing Guide with GitGuardian: Building Secure AI Foundations Through NHI Governance
Align your AI pipelines with OWASP AI Testing principles using GitGuardian’s identity-based insights to monitor, enforce, and audit secrets and token usage.
blog.gitguardian.com
June 26, 2025 at 4:44 PM
We're live! 🤩 Join our SecDays {Virtual} event right now as we're discussing the expanding non-human identities attack surface: lnkd.in/e_NqGttp
SecDays Virtual 2025 🚀 | LinkedIn
Join us for GitGuardian SecDays Virtual 2025 – a global event dedicated to securing Non-human Identities and their secrets in the age of AI agents.
This year, we're bringing together the industry le...
lnkd.in
June 26, 2025 at 12:59 PM
✍️ Meet our new blog author, Andy Rea! In his latest piece, “Automated Guard Rails for Vibe Coding,” Andy shares how automation can let teams code with confidence—without losing sight of security or compliance blog.gitguardian.com/automated-gu...
#vibecoding #aiguardrails
June 19, 2025 at 10:57 AM
🧱 Compliance builds the scaffold, but AI‑powered checks & human brains build the fortress. Heard at #ShowMeCon 2025: policy + AI + validation = real risk reduction. 🛡️
blog.gitguardian.com/showmecon-20...
The Role of AI and Compliance in Modern Risk Management: ShowMeCon 2025
The speakers at ShowMeCon 2025 explored why policy isn't protection without validation. AI, identity, and threat detection must align to reduce operational risk.
blog.gitguardian.com
June 18, 2025 at 3:49 PM
Your secrets don’t care who leaked them—human or bot. 🤖 #Identiverse2025 showed why NHIs are today’s identity crisis. From agentic AI to orphaned creds, governance can’t wait. Read our recap:
blog.gitguardian.com/identiverse-...
Identiverse 2025: Trust, Delegation, and the Era of Continuous Identity
Identiverse 2025 exposed the urgent need for NHI governance. From AI agents to orphaned credentials, NHIs and their sprawling secrets are today’s most overlooked risks.
blog.gitguardian.com
June 14, 2025 at 1:48 AM
Missed #BSides312? Our own @mdwayne-real.bsky.social was there and captured all the highlights! Reading his recap is like attending the event yourself. 👉 blog.gitguardian.com/bsides312-20...
Security Isn’t A Solo Sport: Community, Burnout, and Identity at BSides312
At BSides312 in Chicago, experts showed that defending systems requires defending people, with trust, inclusion, and communication as key controls. Defense is deeply human.
blog.gitguardian.com
June 5, 2025 at 1:22 PM
Reposted by GitGuardian
By me @forbes.com: 23 million new secrets leaked. When will it ever end? #kudos @gitguardian.com for the analysis.
#infosec
www.forbes.com/sites/daveyw...
Warning — 23 Million New Plaintext Credentials Leaked Online
Researchers uncover 23 million new credentials leaked in public, including passwords, authentication tokens and more.
www.forbes.com
May 12, 2025 at 1:09 PM
CISOs at RSAC 2025: “AI won’t wait for your approval.” Agentic AI is here, with keys and autonomy. Got NHI governance yet? 🔑🚪
Read our recap of the world's largest security conference
blog.gitguardian.com/rsa-conferen...
RSA Conference 2025: How Agentic AI Is Redefining Trust, Identity, and Access at Scale
RSAC 2025 revealed that AI agents are reshaping trust and identity. Learn what top CISOs are doing about it and how the conversation about NHI governance is evolving.
blog.gitguardian.com
May 9, 2025 at 3:07 PM
A few months ago, our automated detection platform uncovered an xAI API key exposed on public GitHub. What stood out was the key's broad access—not just public models, but unreleased and private ones tied to projects at SpaceX and Tesla.
🚨More details here blog.gitguardian.com/xai-secret-l...
xAI Secret Leak: The Story of a Disclosure
AI adoption accelerates secret sprawl as organizations connect to multiple providers. Our investigation of a leaked xAI API key, which granted access to unreleased Grok models, reveals critical flaws ...
blog.gitguardian.com
May 9, 2025 at 12:41 PM
In this episode of the Security Repo Podcast, Chris Lindsey dives deep into the realities of using AI in software development and its security implications, including the concept of “Shadow AI.”
www.youtube.com/watch?v=1NBn...
May 8, 2025 at 5:11 PM