Understand where short-lived credentials reduce risk in agentic systems and where operational complexity requires stronger monitoring and governance controls.
The Mythos-ready briefing names secrets rotation, NHI governance, and honeytokens as critical controls. Zero-days don't replace credential attacks; they accelerate them. Credential security deserves to move up every CISO's priority list.
Three supply chain attacks hit npm, PyPI, and Docker Hub between April 21–23, 2026. All three targeted secrets: API keys, cloud credentials, SSH keys, and tokens from developer environments and CI/CD pipelines.
This year's Denver OWASP event showed why modern AppSec depends on secure defaults, stronger provenance, and security controls that appear where developers make decisions.
From AI agents to identity abuse, ATLSECCON 2026 focused on how security teams can reduce exposure, improve visibility, and make trust enforceable while moving ever faster.
AI agents need to authenticate with numerous systems, making AI authentication a crucial security boundary that determines blast radius, revocability, and long-term governance risk.
GitHub is hardening Actions with deterministic dependencies, scoped secrets, and policy controls. Teams still need immediate detection and remediation for today’s risk.