Between AI Urgency and AI Fatigue at RSAC 2026
AI was everywhere at RSAC 2026, but the real focus was operational security: managing agents, protecting secrets, and controlling trusted integrations at scale.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
The Team PCP Snowball Effect: A Quantitative Analysis
Supply chain attacks cascade through ecosystems in ways traditional metrics hardly capture. GitGuardian evaluates the PCP Team incidents and finds damage spread to thousands of public targets.
Trivy/LiteLLM Breach: How to Identify Your Exposure and Contain It - 20-min Live Demo
In this 20-minute live demo with Eric Fourrier (CEO and Founder of GitGuardian), Guillaume Valadon (Staff Cybersecurity Researcher at GitGuardian), & Dwayne McDaniel (Principal Developer Advocate at GitGuardian), you'll see how to determine if your machines were compromised by the ongoing Trivy and LiteLLM supply chain attack (attributed to TeamPCP), then scan for exposed secrets and get moving on remediation - step by step.
BSides SF 2026: Looking At Security Beyond The Next Big Bet
BSides SF 2026 explored how identity risk, production drift, and developer tooling are changing modern security strategy for defenders and platform teams.
How GitGuardian Enables Rapid Response to the LiteLLM Supply Chain Attack
Learn how to detect compromise, assess your exposure to the LiteLLM supply chain attack, and use GitGuardian to orchestrate rapid incident response and secret remediation.
Trivy's March Supply Chain Attack Shows Where Secret Exposure Hurts Most
The Trivy story is moving quickly, and the latest reporting makes one thing clear: this is no longer just a GitHub Actions tag hijack. What started as a compromise of trivy-action, setup-trivy, and the v0.69.4 release has expanded into malicious Docker Hub images.
Honeytokens on the Developer Workstation: When Cleanup Takes Time
Plaintext secrets on developer machines create real supply chain risk. Honeytokens provide early detection while stronger identity-based controls are rolled out.
Chainguard Assemble 2026 and the Security Factory Mindset
From golden images to agent governance, Chainguard Assemble 2026 focused on how teams can reduce risk by embedding trust, compliance, and security into delivery systems.
GitGuardian Reports an 81% Surge of AI-Service Leaks as 29M Secrets Hit Public GitHub
In 2025, Developer Commits Using Claude Code Show 3.2% Secret Leak Rate vs. 1.5% Baseline. The Human Factor Remains Critical.
The State of Secrets Sprawl 2026: AI-Service Leaks Surge 81% and 29M Secrets Hit Public GitHub
GitGuardian’s 5th State of Secrets Sprawl report is here. In this blog, we unpack the key findings behind the 2026 edition, from AI-driven leak growth to the remediation gaps security teams can’t ignore.
Who Actually Owns This Service Account?
When an NHI is compromised, who do you call? GitGuardian NHI ownership eliminates the guessing game with automatic accountability.
ConFoo 2026: Guardrails for Agentic AI, Prompts, and Supply Chains
Read the takeaways from ConFoo 2026, including putting guardrails where requests happen, auditing tool calls, treat dependency updates like production access.
2,622 Valid Certificates Exposed: A Google-GitGuardian Study Maps Private Key Leaks to Real-World Risk
GitGuardian partnered with Google to answer: what happens when private keys leak? Using Certificate Transparency, we mapped about 1M leaked keys to 140k certificates. Result: 2,622 were valid as of September 2025, exposing major organizations. Our disclosure campaign achieved 97% remediation.
Protecting Developers Means Protecting Their Secrets
Secrets don’t just leak from Git. They accumulate in filesystems, env vars, and agent memory. See how to find them, stop the bleed, and protect your whole supply chain.