Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

With 100x more non-human identities than human identities expected in 2025, the way we manage machine credentials is fundamentally broken. 83% of attacks involve compromised secrets, yet many organizations still rely on hardcoded keys, sprawling secrets, and scattered vault deployments.

GitGuardian is excited to introduce Machine Learning Powered Similar Incident Grouping, which cuts through the noise by identifying incident-specific patterns across your inventory and clustering incidents that belong together, so you can handle repetitive cases efficiently and reduce incident response toil.

The GitGuardian Platform now automatically ranks every secrets incident with a risk score from 0–100, turning alert floods into a prioritized, trustworthy work queue. Scores are computed from incident context (like validity, exposure, where it was found, and exploitability) and build on existing ML capabilities like Secret Enricher and our False-Positive Remover, which cuts false positives by 80%+.

AI isn’t creating new security problems, it’s exposing existing ones at scale. GitGuardian saw 24M secrets leaked on public GitHub last year (+25%), and private repos are far more likely to contain secrets because people get careless when they feel safe. AI also enables more non-developers to ship apps without security training and generates oversized PRs that can’t be realistically reviewed, increasing leak risk. Attackers increasingly don’t “hack”, they use leaked credentials to log in and blend in like normal users, making traditional incident response less effective.

In this webinar, we break down a simple but increasingly common problem: secrets leak wherever text flows, and modern LLM apps and agentic workflows are built to move text fast. We walk through concrete demos showing how API keys and passwords can surface through RAG-based assistants when secrets accidentally live in knowledge bases (tickets, docs, internal wikis). We also show why “just harden the system prompt” isn’t a reliable fix, and how output-only redaction can be bypassed (for example by simple formatting/encoding tricks). Most importantly, we explore real-world agent architectures.

In this video, we introduce ggshield honeytoken and why it’s one of the most powerful tools in the GitGuardian toolbox. A honeytoken is a decoy secret that alerts you the moment someone tries to use it or validate it. Think of it like a digital tripwire. In GitGuardian, honeytokens can be created through the dashboard or API, and they look like real AWS keys because they are valid credentials. The difference is they grant zero access and are isolated to an AWS account GitGuardian maintains specifically for this purpose.

Since 2018, GitGuardian has been scanning for secrets added to GitHub public repositories. When a secret is found, GitGuardian hashes it and stores only a fingerprint of the secret. That fingerprint is what you can search against to verify whether any of your secrets have leaked in public repositories, gists, or issues on GitHub. This service is called Has My Secret Leaked, and in ggshield you’ll see it as the HMSL commands. There’s also a web interface, but in this section we stay in the terminal and use ggshield end to end.