San Francisco Secure Software and AppSec Summit 2026: The Next AppSec Operating Model
Security leaders at this SF area Summit examined AI agent risk, dependency governance, stale infrastructure, and the future of secure software.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
The GitGuardian Secret Detection Engine Just Got 43X Faster Thanks To Rust
While not a new feature, the GitGuardian team has been hard at work making updates to our TokenScanner, the underlying engine that powers GitGuardian's secret scanning ability. This is great news for folks dealing with very large repos and legacy platforms that thousands of developers have touched over the years. Scanning millions of files, attachments, commits, and anywhere else secrets might be hiding takes minutes. Historical scans across petabytes of information, which used to take days, now take less than an hour. What used to take hours takes a few short minutes.
64% of valid secrets GitGuardian tested in 2022 are still valid in 2026
Read the full report here (no email sign up required).
AI Agents Security for Developers: Don't Let Your Agents Become a Liability
Using Cursor, GitHub Copilot, Claude Code, Codex, or another coding agent means giving software access to more than your code. It can also see the credentials available in your workspace, shell, config files, and development environment.
GitGuardian Now Flags Admin and Overprivileged Identities Across AWS, Entra, and Okta
GitGuardian's NHI Governance now adds privilege context to leaked secrets, auto-escalating admin-level risks for smarter prioritization across AWS, Entra, and Okta. Discover how admin badges and overprivilege detection cut through noise to focus on true blast radius.
GCSI 2026: AI Readiness in a City Built in Layers
GCSI 2026 showed why cyber readiness depends on visibility into vendors, AI tools, identities, workflows, and hidden business dependencies.
How Attackers Use Developer Machines to Breach the Software Supply Chain - May 07, 2026
In April, three major supply chain campaigns hit npm, PyPI, and Docker Hub in just 48 hours, and while the ecosystems were different, the objective was the same: steal credentials from developer environments and CI/CD pipelines. The malware targeted API keys, cloud credentials, SSH keys, GitHub tokens, npm tokens, environment variables, and more, turning developer machines and build systems into high-value credential vaults for attackers.