Symmetric Cryptography in Practice: A Developer’s Guide to Key Management
Symmetric cryptography powers everything from HTTPS to JWT tokens, but key management remains a significant challenge. This developer guide covers three critical use cases—session keys, self-use keys, and pre-shared keys—with practical strategies for secure generation, rotation, and storage ... Read More
xAI Secret Leak: The Story of a Disclosure
AI adoption accelerates secret sprawl as organizations connect to multiple providers. Our investigation of a leaked xAI API key, which granted access to unreleased Grok models, reveals critical flaws in their disclosure process, highlighting necessary improvements in this domain ... Read More
A Look Into the Secrets of MCP: The New Secret Leak Source
MCP rapidly enhances AI capabilities but introduces security challenges through its distributed architecture. Especially, the distributed nature of MCP requires a lot of NHIs and their secrets. Our research shows that MCP is a new source of leaks that already discloses real-world secrets ... Read More
From Alert to Action: Best Practices to Handle Responsible Disclosure
Responsible disclosure is an often overlooked but critical component of cybersecurity alerting processes. Explore key best practices that can enhance communication and collaboration with researchers, turning potential security threats into opportunities for stronger defense ... Read More
A Peek on Cloud Security: JSSI 2025
At JSSI 2025, French IT security experts discussed the cloud's impact on security. Presentations covered strategy and technical analysis. GitGuardian’s researchers shared insights on detecting secrets in the cloud and responsibly disclosing them to companies ... Read More
Compromised tj-actions/changed-files GitHub Action: A look at publicly leaked secrets
On March 14, 2025, the popular GitHub action tj-actions/changed-files was compromised, exposing secrets in CI logs. GitGuardian's analysis identified leaked secrets like GitHub tokens, AWS keys, and more ... Read More
The Secret to Your Artifactory: Inside The Attacker Kill-Chain
Artifactory token leaks are not the most common, but they pose significant risks, exposing sensitive assets and enabling supply chain attacks. This article explores the dangers of leaked tokens and proposes mitigation strategies, including token scoping and implementing least privilege policies ... Read More
The secret to your Artifactory: A Deep Dive into Critical Exposures
While Artifactory tokens aren't the most common leaked secrets, GitGuardian's research reveals their critical nature in corporate environments. Recent investigations across major industries show how these tokens frequently expose sensitive resources through build configurations and DevOps code ... Read More
Doomed Keys and Hidden Threats: The Scariest Secrets in Your Repositories
At GitGuardian we see things that no one should ever see. We detect and collect leaked secrets that are so hideous we could lose our sanity. Let us introduce you to some of the most terrifying leaks we saw this year. If you dare ... Read More
Juliet C# Benchmark and the SecureString case
Juliet C# is a project from the National Institute of Standards and Technology of the USA. As a security benchmark project, we used Juliet C# 1.3 to test and improve our C# analyzer. Here is a glimpse of the work we did around Juliet and some of its test cases ... Read More
