GitGuardian leads the way in Non-Human Identity security, offering end-to-end solutions. Website: gitguardian.com Blog: blog.gitguardian.com Free GH audit: s.gitguardian.com/free-audithttps://bsky.app/profile/gitguardian.comhttps://bsky.app/profile/gitguardian.com/post/3mlvgsge7dk2xAfter a developer machine compromise: what secrets were exposed, where, and what needs rotation now? GitGuardian Developer Endpoint Protection scans your fleet via MDM and answers all three: youtu.be/IDzSiJQCZZA https://youtu.be/IDzSiJQCZZA15 May 2026 13:28 +0000at://did:plc:vp7sdwxtge3xj2dtowoedctm/app.bsky.feed.post/3mlvgsge7dk2xhttps://bsky.app/profile/gitguardian.com/post/3mlsx2wmuwc2oEvery time a developer pushes a secret to public GitHub, GitGuardian emails them directly. That's the Good Samaritan program. Millions of alerts sent per year: https://youtube.com/shorts/dUzjIpf3FTI14 May 2026 13:41 +0000at://did:plc:vp7sdwxtge3xj2dtowoedctm/app.bsky.feed.post/3mlsx2wmuwc2ohttps://bsky.app/profile/gitguardian.com/post/3mlqegw7r7c2oGerrit is one of the most widely deployed code review platforms in enterprise environments, yet a blind spot for secrets detection. GitGuardian now scans it, historically and in real time: youtu.be/q1XzY6HvxAI https://youtu.be/q1XzY6HvxAI13 May 2026 13:03 +0000at://did:plc:vp7sdwxtge3xj2dtowoedctm/app.bsky.feed.post/3mlqegw7r7c2ohttps://bsky.app/profile/gitguardian.com/post/3mlnrvtkya22f.env files are plain text secrets on a machine that's a supply chain target. ggshield 1.50 moves API tokens to your OS credential store by default and extends AI hooks to the MCP layer. Full breakdown: youtu.be/4c983T8hAyc https://youtu.be/4c983T8hAyc12 May 2026 12:26 +0000at://did:plc:vp7sdwxtge3xj2dtowoedctm/app.bsky.feed.post/3mlnrvtkya22fhttps://bsky.app/profile/gitguardian.com/post/3mllcfz7qg22fCmd+K from anywhere in GitGuardian and jump to incidents, settings, integrations, or docs without leaving your workspace. Context-aware, role-scoped. Small thing, saves real time mid-incident: youtu.be/Jx-RpuMX7ak https://youtu.be/Jx-RpuMX7ak11 May 2026 12:43 +0000at://did:plc:vp7sdwxtge3xj2dtowoedctm/app.bsky.feed.post/3mllcfz7qg22fhttps://bsky.app/profile/gitguardian.com/post/3mldwkmq3nk2rAsk GitGuardian "what are my top 10 public incidents right now?" and it answers. Natural language triage against all your incidents, in-app. Same 23 tools as the MCP server. Full demo: youtu.be/AqVPvAjkGR0 https://youtu.be/AqVPvAjkGR008 May 2026 14:22 +0000at://did:plc:vp7sdwxtge3xj2dtowoedctm/app.bsky.feed.post/3mldwkmq3nk2rhttps://bsky.app/profile/gitguardian.com/post/3mf2tea74ms2490B events/day and we’re still manually doing L1 triage? That’s not resilience, that’s ✨tradition✨. #ChiBrrCon 2026 takeaway: automate the repetitive, keep humans for judgment, and build real inventories. #AppSec #AI https://blog.gitguardian.com/chibrrcon-2026/17 Feb 2026 15:00 +0000at://did:plc:vp7sdwxtge3xj2dtowoedctm/app.bsky.feed.post/3mf2tea74ms24https://bsky.app/profile/gitguardian.com/post/3mdnomx6owk25🤖 Agents don’t log in. They act. At #NHIcon 2026 the message was clear: human-centric IAM breaks in the age of agentic AI. Static roles + long-lived creds = 🚨 risk amplification. Time for identity at the speed of autonomy. 🔐 blog.gitguardian.com/nhicon-2026 https://blog.gitguardian.com/nhicon-202630 Jan 2026 16:05 +0000at://did:plc:vp7sdwxtge3xj2dtowoedctm/app.bsky.feed.post/3mdnomx6owk25https://bsky.app/profile/gitguardian.com/post/3mczhlylcac25Secrets sprawl ≠ developer mistakes. It’s unmanaged machine access at scale. Boards care about downtime, cost, and resilience, and NHIs sit right in the middle. Here’s how to connect the dots 👇 https://blog.gitguardian.com/boards-focus-on-risks-nhi-governance22 Jan 2026 15:06 +0000at://did:plc:vp7sdwxtge3xj2dtowoedctm/app.bsky.feed.post/3mczhlylcac25https://bsky.app/profile/gitguardian.com/post/3mcabxcbmck2fAI agents aren’t your coworkers. They’re over-permissioned bots with access to prod. Stop pretending they’re cute. Start treating them like risks. 🛑 NHI governance now! https://blog.gitguardian.com/what-ai-agents-can-teach-us-about-nhi-governance/12 Jan 2026 14:49 +0000at://did:plc:vp7sdwxtge3xj2dtowoedctm/app.bsky.feed.post/3mcabxcbmck2fhttps://bsky.app/profile/gitguardian.com/post/3mbtxpumhpk2hAI agents are already causing incidents, and identity controls aren’t ready. Jan 27: Join GitGuardian at #NHIcon2026. Talk: “How Agentic AI Helps You Leak Secrets (and What to Do About It)” (1 PM PST, Builders Track) w/ @mdwayne-real.bsky.social Free registration here: https://aembit.io/nhicon?aff=GitGuardian07 Jan 2026 17:14 +0000at://did:plc:vp7sdwxtge3xj2dtowoedctm/app.bsky.feed.post/3mbtxpumhpk2hhttps://bsky.app/profile/gitguardian.com/post/3madeuntboc2pAndy Rea built a demo showing how to wire up multiple AI agents using Google's Agent Development Kit (ADK) and the #A2A protocol, with GitGuardian scanning content for secrets. https://blog.gitguardian.com/building-a-multi-agent-security-pipeline-with-googles-a2a-protocol-and-gitguardian/ The complete code is available at: https://github.com/reaandrew/a2a-demo19 Dec 2025 09:29 +0000at://did:plc:vp7sdwxtge3xj2dtowoedctm/app.bsky.feed.post/3madeuntboc2phttps://bsky.app/profile/gitguardian.com/post/3ma6xnjoiu22m🚀 The future of secure non‑human identity is here! AWS IAM Outbound Identity Federation eliminates long‑term creds in favor of short‑lived tokens. GitGuardian can help you track the migration in real time. https://blog.gitguardian.com/aws-iam-outbound-identity-federation-with-gitguardian/ #DevSecOps #AppSec17 Dec 2025 15:21 +0000at://did:plc:vp7sdwxtge3xj2dtowoedctm/app.bsky.feed.post/3ma6xnjoiu22mhttps://bsky.app/profile/gitguardian.com/post/3m7at536sa22sSecrets leaked? Don’t panic—push to vault! 🧯 GitGuardian's Push-to-Vault turns “uh-oh” into “handled” by sending secrets straight into your existing Secret Manager. No more tab juggling. blog.gitguardian.com/push-to-vault/ https://blog.gitguardian.com/push-to-vault/05 Dec 2025 15:41 +0000at://did:plc:vp7sdwxtge3xj2dtowoedctm/app.bsky.feed.post/3m7at536sa22shttps://bsky.app/profile/gitguardian.com/post/3m73v6o7x5s2s🔄 Feature flags, legacy systems, and N+1 queries walk into a dev conf... /dev/mtl 2025 reminds us: it’s not about speed, it’s about smart feedback loops. #DevSecOps blog.gitguardian.com/dev-mtl-2025/ https://blog.gitguardian.com/dev-mtl-2025/03 Dec 2025 16:34 +0000at://did:plc:vp7sdwxtge3xj2dtowoedctm/app.bsky.feed.post/3m73v6o7x5s2shttps://bsky.app/profile/gitguardian.com/post/3m6oukajid22z🚨 #Shai_Hulud techincal analysis is live We've completed our forensic analysis of the Nov 24 supply chain attack. 754 infected npm packages, 20,649 analyzed repositories, 33,185 unique secrets (3,760 valid). blog.gitguardian.com/shai-hulud-2/28 Nov 2025 12:18 +0000at://did:plc:vp7sdwxtge3xj2dtowoedctm/app.bsky.feed.post/3m6oukajid22zhttps://bsky.app/profile/gitguardian.com/post/3m6f4ccfaxk2l🔐 The 2025 #OWASP Top 10 2025 says it loud: access control still #1, but now supply chains & mis‑configs steal the spotlight. Ready your CI/CD, stacks & cloud. https://blog.gitguardian.com/owasp-top-10-2025/ #AppSec #DevSecOps24 Nov 2025 15:10 +0000at://did:plc:vp7sdwxtge3xj2dtowoedctm/app.bsky.feed.post/3m6f4ccfaxk2lhttps://bsky.app/profile/gitguardian.com/post/3m65lenz7z22l🔐 From “API keys in Git” to “agentic AI with scoped identities” — the next frontier of security is non‑human actors with strong attestation. #DevSecOps #CloudNative #CyberArk #SPIFFE #KubeCon https://blog.gitguardian.com/workload-identity-day-zero-atlanta21 Nov 2025 15:19 +0000at://did:plc:vp7sdwxtge3xj2dtowoedctm/app.bsky.feed.post/3m65lenz7z22lhttps://bsky.app/profile/gitguardian.com/post/3m633fpd3e22lContainers were the on‑ramp, not the destination.” At #KubeCon 2025 identity, governance & agent security stole the show. Microservices + AI = new risk surface. Read more: blog.gitguardian.com/kubecon-2025 https://blog.gitguardian.com/kubecon-202520 Nov 2025 15:27 +0000at://did:plc:vp7sdwxtge3xj2dtowoedctm/app.bsky.feed.post/3m633fpd3e22lhttps://bsky.app/profile/gitguardian.com/post/3m4xv6lf4wk2a🚨 Identity is the new perimeter. At #BSidesChicago 2025 we saw attackers moving through the cloud control‑plane like it’s tourist season — service principals & Kubernetes misconfigs are their playground. 🍿 Dive deeper: https://blog.gitguardian.com/bsides-chicago-2025/ #DevSecOps #AppSec06 Nov 2025 15:33 +0000at://did:plc:vp7sdwxtge3xj2dtowoedctm/app.bsky.feed.post/3m4xv6lf4wk2ahttps://bsky.app/profile/gitguardian.com/post/3m4styreia22aAt #TechnoSecurity West 2025, identity = perimeter. If your IAM is a maze, attackers have already found the exit. 🧩🔐 https://blog.gitguardian.com/techno-security-and-digital-forensics-conference-west-2025/04 Nov 2025 15:28 +0000at://did:plc:vp7sdwxtge3xj2dtowoedctm/app.bsky.feed.post/3m4styreia22ahttps://bsky.app/profile/gitguardian.com/post/3m4iug4yuck2aHuman admins aren’t the only VIPs; service accounts and automation scripts need the spotlight too. 👀 Read how GitGuardian helps you widen the scope of PAM and kill secret sprawl for good. https://blog.gitguardian.com/working-towards-improved-pam-widening-the-scope-and-taking-control/ #AppSec #SecOps31 Oct 2025 16:09 +0000at://did:plc:vp7sdwxtge3xj2dtowoedctm/app.bsky.feed.post/3m4iug4yuck2ahttps://bsky.app/profile/gitguardian.com/post/3m3pj4sjzmc2x🚀 At #INCYBERCanada 2025 in Montréal we heard loud & clear: compliance doesn’t cut it anymore—collaboration is the new security foundation. 🌐 Let’s govern machine identities, secure our global supply‑chains, and build resilience together. https://blog.gitguardian.com/incyber-forum-canada-2025/21 Oct 2025 14:11 +0000at://did:plc:vp7sdwxtge3xj2dtowoedctm/app.bsky.feed.post/3m3pj4sjzmc2xhttps://bsky.app/profile/gitguardian.com/post/3m3pgdm2zzk2xBack to security basics at CornCon 11: Why resilience beats perfection The big takeaway: Embrace sustainable security programmes – don’t chase zero‑risk illusions, build something you can maintain. Read more: blog.gitguardian.com/corncon-11/ https://blog.gitguardian.com/corncon-11/21 Oct 2025 13:21 +0000at://did:plc:vp7sdwxtge3xj2dtowoedctm/app.bsky.feed.post/3m3pgdm2zzk2xhttps://bsky.app/profile/gitguardian.com/post/3m2cicle5ws2sGitHub is doubling down: requiring WebAuthn, OIDC, and ultra-short tokens to harden npm publishing. These aren’t just npm rules — they’re lessons for all devs. 🔐 https://blog.gitguardian.com/security-lessons-npm-publishing/ #DevSecOps #SupplyChainSecurity03 Oct 2025 16:26 +0000at://did:plc:vp7sdwxtge3xj2dtowoedctm/app.bsky.feed.post/3m2cicle5ws2shttps://bsky.app/profile/gitguardian.com/post/3lz6zznlu6k2sWho owns your API keys? Spoiler: probably not the person you think 😅 Stop playing hot potato with NHIs—focus on context, not blame. 👉 https://blog.gitguardian.com/defining-nhi-ownership/ #OWASP #NHIs #MachineIdentities19 Sep 2025 14:07 +0000at://did:plc:vp7sdwxtge3xj2dtowoedctm/app.bsky.feed.post/3lz6zznlu6k2s