\n<\/p>\n
Human identities management and control is pretty well done with its set of dedicated tools, frameworks, and best practices. This is a very different world when it comes to Non-human identities also referred to as machine identities. GitGuardian’s end-to-end NHI security platform is here to close the gap.<\/p>\n
## Enterprises are Losing Track of Their Machine Identities<\/p>\n
Machine identities\u2013service accounts, API keys, bots, automation, and workload identities\u2013that now outnumber humans by up to 100:1 are in fact a massive blind spot in companies’ security landscape:<\/p>\n
Without robust governance, NHIs become a prime target for attackers. Orphaned credentials, over-privileged accounts, and “zombie” secrets are proliferating\u2014especially as **organizations accelerate cloud adoption, integrate AI-powered agents, and automate their infrastructure**.<\/p>\n
### Secrets Sprawl: The New Attack Surface<\/p>\n
GitGuardian’s research shows that 70% of valid secrets detected in public repositories in 2022 remained active in 2025\u2014a three-year window of vulnerability. These aren’t just theoretical risks. Breaches at organizations like the U.S. Department of the Treasury, Toyota, and The New York Times all began with a leaked or unmanaged machine identity.<\/p>\n
The problem isn’t just about volume. Secrets and credentials are scattered across code, CI\/CD pipelines, cloud environments, and ticketing systems\u2014 environments outside traditional security perimeters.<\/p>\n
This proliferation of unmanaged secrets has caught the attention of security frameworks worldwide. The newly released **OWASP Top 10 Non-Human Identity Risks for 2025** specifically calls out ‘Secret Leakage’ as the #2 risk, noting that compromised credentials are implicated in over 80% of breaches.<\/p>\n
## Why Secrets Managers Alone Aren’t Enough<\/p>\n
Traditional secrets managers (like HashiCorp Vault, CyberArk, AWS Secrets Manager, and Azure Key Vault) are essential for secure storage\u2014but they don’t address the full lifecycle of NHI governance. They can’t discover secrets outside the vault, lack context around permissions, and don’t automate remediation when secrets are leaked or misused.<\/p>\n
GitGuardian’s own analysis found that organizations using secrets managers are in fact more prone to secrets leakage. The secrets leakage incidence of repositories leveraging secrets managers is 5.1% compared with 4.6% for public repositories without secrets managers in place. And to add to this point, repositories with secret managers are more likely to handle sensitive information, increasing the risk of exposure.<\/p>\n
## The Platform Filling the NHI Security Gap<\/p>\n
To address these challenges, organizations must adopt a unified IAM strategy that<\/p>\n
empowers DevOps and SRE teams to effectively govern and secure NHIs, on top of the deployment of secrets management solutions (vaults and or secrets managers). This requires investing in solutions that provide comprehensive secrets discovery, centralized visibility, and automated governance capabilities. By leveraging tools that can map relationships between secrets, enforce consistent policies, and streamline rotation and remediation processes, DevOps and SRE teams can reduce the burden of secrets lifecycle management and focus on delivering value to the business.<\/p>\n
GitGuardian’s NHI Security Platform is designed to address these exact blind spots and risks. Here’s how:<\/p>\n
### **1\\. Discovery and Inventory: Finding the Invisible**<\/p>\n
Manual discovery of machine identities is a lost battle. Secrets exist across repositories, CI\/CD pipelines, ticketing systems, messengers, and cloud environments\u2014often in places security teams don’t monitor. Traditional approaches can’t keep pace with the dynamic nature of modern infrastructure, leading to incomplete inventories.<\/p>\n
GitGuardian’s automated discovery continuously scans these environments, maintaining a real-time inventory enriched with contextual metadata. This centralized view serves as the foundation for effective governance.<\/p>\n
### **2\\. Onboarding and Provisioning: Securing from Day One**<\/p>\n
Inconsistent provisioning processes create immediate risks\u2014misconfigurations, over-permissioned identities, and manual errors. Organizations need standardized workflows that enforce the least privilege access and integrate with centralized secrets management.<\/p>\n
A unified platform ensures consistency across teams and provides real-time visibility into permissions, maintaining a secure and compliant ecosystem from the start.<\/p>\n
### **3\\. Continuous Monitoring: Staying Ahead of Threats**<\/p>\n
Modern enterprises face a monitoring nightmare: machine identities interact across dozens of systems, each with separate logging mechanisms. With organizations averaging six different secret management instances (according to “Voice of Practitioners: The State of Secrets in AppSec”), maintaining consistent policies becomes nearly impossible.<\/p>\n
GitGuardian aggregates and normalizes usage data from multiple sources, providing centralized visibility. Advanced analytics and anomaly detection enable rapid response to high-risk events and policy violations.<\/p>\n
### **4\\. Rotation and Remediation: Keeping Credentials Fresh**<\/p>\n
The stakes are high: CyberArk reports that 72% of organizations experienced certificate-related outages in the past year, with 34% suffering multiple incidents. Managing rotation at scale is complex, especially with system dependencies and inconsistent schedules.<\/p>\n
GitGuardian integrates with popular secrets managers, providing contextual insights to identify owners and streamline remediation, minimizing security incident impact.<\/p>\n
### **5\\. Decommissioning: Eliminating Zombie Credentials**<\/p>\n
Unused or stale identities accumulate as “zombie” credentials\u2014prime targets for attackers. Fragmented tooling and inconsistent processes make proper offboarding difficult, leading to persistent security gaps.<\/p>\n
GitGuardian’s continuous monitoring identifies candidates for decommissioning. <\/p>\n
See GitGuardian’s NHI Security Platform in action with our interactive demo. Discover key features that security teams and IAM leaders love \u2b07\ufe0f<\/p>\n
<\/p>\n
## Compliance and Zero Trust: A Modern Mandate<\/p>\n
Frameworks like PCI DSS 4.0 and NIST now explicitly demand strong controls for machine identities\u2014enforcing least privilege, secure onboarding, and continuous monitoring. GitGuardian’s platform is built with these requirements in mind, helping organizations stay compliant as regulations evolve.<\/p>\n
### Conclusion: Don’t Wait for a Breach<\/p>\n
The stakes are high: financial loss, reputational damage, compliance failure, and\u2014most critically\u2014loss of control over the digital infrastructure that powers your business.<\/p>\n
Forward-thinking CISOs are bringing NHIs into their IAM strategy now. GitGuardian’s platform is the comprehensive, automated solution for discovering, managing, and securing all your machine identities\u2014before attackers do.<\/p>\n
Join us on June 25 for a **20-minute live demo of GitGuardian NHI Security** to see how GitGuardian can help you:<\/p>\n
* Get visibility over all NHI secrets across your infrastructure
* Improve your security hygiene
* Reduce breaches resulting from mismanaged identities<\/p>\n
<\/p>\n
Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter _\uf099_ and LinkedIn to read more exclusive content we post.\n<\/div>\n
View Advisory Details<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"Security Update News Update Information Title Non-Human Identities: How to Address the Expanding Security Risk Update ID THN:CC5121D8B24485B2381976E33CE7DF0C Type thn Published 2025-06-12T11:00:00 Last Updated 2025-06-12T11:00:00…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,34,12,13,33,7,11,43,5],"class_list":["post-6795","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-cvss-00","tag-exploit","tag-news","tag-none","tag-security","tag-tapic","tag-thn","tag-vulnerability"],"yoast_head":"\n
Non-Human Identities: How to Address the Expanding Security Risk - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=6795\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Non-Human Identities: How to Address the Expanding Security Risk - zero redgem\" \/>\n<meta property=\"og:description\" content=\"Security Update News Update Information Title Non-Human Identities: How to Address the Expanding Security Risk Update ID THN:CC5121D8B24485B2381976E33CE7DF0C Type thn Published 2025-06-12T11:00:00 Last Updated 2025-06-12T11:00:00...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=6795\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-06-12T06:33:58+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6795#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6795\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"Non-Human Identities: How to Address the Expanding Security Risk\",\"datePublished\":\"2025-06-12T06:33:58+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6795\"},\"wordCount\":1084,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-0.0\",\"exploit\",\"news\",\"NONE\",\"Security\",\"tapic\",\"thn\",\"Vulnerability\"],\"articleSection\":[\"category_news\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=6795#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6795\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6795\",\"name\":\"Non-Human Identities: How to Address the Expanding Security Risk - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-06-12T06:33:58+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6795#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=6795\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6795#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Non-Human Identities: How to Address the Expanding Security Risk\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Non-Human Identities: How to Address the Expanding Security Risk - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=6795","og_locale":"en_US","og_type":"article","og_title":"Non-Human Identities: How to Address the Expanding Security Risk - zero redgem","og_description":"Security Update News Update Information Title Non-Human Identities: How to Address the Expanding Security Risk Update ID THN:CC5121D8B24485B2381976E33CE7DF0C Type thn Published 2025-06-12T11:00:00 Last Updated 2025-06-12T11:00:00...","og_url":"https:\/\/zero.redgem.net\/?p=6795","og_site_name":"zero redgem","article_published_time":"2025-06-12T06:33:58+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=6795#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=6795"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"Non-Human Identities: How to Address the Expanding Security Risk","datePublished":"2025-06-12T06:33:58+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=6795"},"wordCount":1084,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-0.0","exploit","news","NONE","Security","tapic","thn","Vulnerability"],"articleSection":["category_news"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=6795#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=6795","url":"https:\/\/zero.redgem.net\/?p=6795","name":"Non-Human Identities: How to Address the Expanding Security Risk - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-06-12T06:33:58+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=6795#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=6795"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=6795#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"Non-Human Identities: How to Address the Expanding Security Risk"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/6795","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6795"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/6795\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6795"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=6795"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6795"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}