According to CyberArk research, Non-Human Identities (NHIs) outnumbered human identities by at least 45-to-1 in 2022. That ratio has almost certainly grown since, as agentic AI and vibe coding accelerate the rate at which new systems, and the machine identities behind them, are deployed.
At the core of every NHI is an authentication credential, aka a secret. GitGuardian's 2025 State of Secrets Sprawl Report reveals concerning trends in secrets exposure, indicating current management approaches are insufficient to address NHI-related risks.
The report found 23.77 million new secrets exposed on GitHub in 2024, a 25% increase year-over-year. This surge tracks the growing number and complexity of NHIs that need to authenticate to something.
Automated Secret Rotation and Lifecycle Management
70% of valid secrets first detected in public repositories in 2022 remain active as of January 2025. This indicates not a detection problem but a rotation problem. The first step toward automating secrets rotation is the adoption of secret management platforms, commonly referred to as vaults.
But even organizations using vault solutions experience significant leaks: in 2024, 5.1% of the repositories studied contained at least one secret. Storing a secret in a vault once is not sufficient if a copy still lives in code or configuration. We need governance models that ensure secrets stored in vaults are actually managed and rotated, and that the vaulted copy is the only one in circulation.
Related to rotation is offboarding. Many organizations focus on human onboarding while neglecting NHI offboarding processes. Automated secret rotation and NHI decommissioning should be standard security practices. Governance frameworks must require continuous NHI monitoring to ensure the prompt removal of inactive or unnecessary identities.
Generic Secrets and Homegrown NHIs
GitGuardian found that 58% of detected secrets were classified as generic: username/password pairs, database connection strings, custom API keys and the like. Specific secrets, by contrast, belong to known providers and follow predictable formats (a fixed prefix, length or character set) that many security tools can match reliably.
Organizations building homegrown NHIs (internal APIs, microservices, automation tools) face significant governance challenges. These systems often use proprietary authentication mechanisms whose secrets don't match known detection patterns, creating an unmanaged layer of vulnerable credentials. Attackers who obtain these secrets can exploit NHIs to move laterally across systems.
Effective NHI governance requires context-aware tools to discover and account for generic secrets: detection has to use the surrounding context (variable names, assignment syntax, file type, string entropy) rather than provider patterns alone. Machine learning tools that analyze entire codebases can identify NHI secrets regardless of their format.
AI Assistants as Breach Pathways
Repositories using AI-powered tools like GitHub Copilot showed a 40% higher incidence of secrets leaks than repositories not using Copilot. An increasing reliance on AI-assisted development and low-code/no-code platforms introduces new challenges for NHI governance, as these tools can unintentionally generate or expose credentials. The same trend raises concerns about NHIs in cloud-based collaboration platforms, where secrets are passed between automated systems and human users.
From an NHI governance perspective, this highlights the need for real-time monitoring of non-traditional secret exposure channels, as well as policy enforcement mechanisms that prevent NHIs from interacting with unsecured collaboration tools and platforms. Ideally, developer tooling that stops these secrets from ever entering commit history, such as pre-commit Git hooks or code editor extensions, should be adopted, because a secret that is caught before the commit never needs to be rotated.
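The two points above (generic secrets that have no provider pattern, and blocking secrets at the Git hook) come together in a pre-commit scanner. The following is an added example, not GitGuardian's tooling or anything from the report: it scans the added lines of the staged diff for a small, hand-picked set of provider formats plus generic credential assignments and connection strings, using name context and Shannon entropy to separate real values from placeholders. The pattern list, entropy threshold and sample input are assumptions chosen for illustration.

```python
"""Pre-commit secret scanner (added example, not the report's or GitGuardian's code).

Detects specific secrets (fixed provider formats) and generic ones (credential-ish
names assigned a high-entropy literal, or a connection string with an embedded
password). Installed as .git/hooks/pre-commit it rejects the commit on a hit.
"""
import math
import re
import subprocess
import sys

# Provider-specific formats. A hand-picked subset, not a complete ruleset.
SPECIFIC_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "slack_bot_token": re.compile(r"\bxoxb-[0-9]+-[0-9A-Za-z-]+\b"),
}

# Generic secret: an identifier containing a credential keyword, assigned a
# quoted literal of 8+ characters. Keyword list is an assumption; tune per codebase.
GENERIC_ASSIGNMENT = re.compile(r"""(?ix)
    \b(?P<name>[a-z0-9_.-]*(?:password|passwd|secret|token|api[_-]?key|auth)[a-z0-9_.-]*)
    \s*[:=]\s*
    ["'](?P<value>[^"'\s]{8,})["']
""")

# scheme://user:password@host... with a 4+ character password.
DB_URL = re.compile(r"\b[a-z][a-z0-9+]*://[^:/\s]+:(?P<value>[^@\s]{4,})@[^\s\"']+", re.I)

PLACEHOLDERS = {"changeme", "password", "example", "xxxxxxxx", "<secret>", "todo"}


def shannon_entropy(s: str) -> float:
    """Bits per character: random keys score ~4 and above, English words ~2-3."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in (s.count(ch) for ch in set(s)))


def redact(value: str) -> str:
    """Never echo the full secret back into the terminal or CI log."""
    return value[:4] + "*" * max(len(value) - 4, 0)


def scan_text(text: str, entropy_threshold: float = 3.0) -> list:
    """Return (line_no, rule, redacted_value) for each suspected secret in `text`."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rule, pat in SPECIFIC_PATTERNS.items():
            for m in pat.finditer(line):
                findings.append((line_no, rule, redact(m.group(0))))
        for m in DB_URL.finditer(line):
            findings.append((line_no, "db_connection_string", redact(m.group("value"))))
        for m in GENERIC_ASSIGNMENT.finditer(line):
            value = m.group("value")
            if value.lower() in PLACEHOLDERS or value.startswith("${"):
                continue  # template variable or obvious placeholder, not a live credential
            if shannon_entropy(value) >= entropy_threshold:
                findings.append((line_no, "generic_credential", redact(value)))
    return findings


# Constructed sample of staged additions. None of these are real credentials.
SAMPLE_DIFF_ADDITIONS = """\
# constructed sample of staged additions, not real credentials
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
db_password = "changeme"
DATABASE_URL = "postgres://app:Tr0ub4dor-x9Qz@db.internal:5432/app"
internal_api_key = "k7Hq2mZp9vLx4RtB1nYw8cDf"
token = "${VAULT_TOKEN}"
"""


def staged_additions() -> str:
    """Only the '+' lines of the staged diff: what the commit would actually add.
    Line numbers in findings are relative to this joined text, not to any file."""
    diff = subprocess.run(
        ["git", "diff", "--cached", "--unified=0", "--no-color"],
        capture_output=True, text=True, check=True,
    ).stdout
    return "\n".join(l[1:] for l in diff.splitlines()
                     if l.startswith("+") and not l.startswith("+++"))


if __name__ == "__main__":
    text = staged_additions() if "--staged" in sys.argv else SAMPLE_DIFF_ADDITIONS
    found = scan_text(text)
    for line_no, rule, shown in found:
        print(f"blocked: {rule} at added line {line_no}: {shown}", file=sys.stderr)
    sys.exit(1 if found else 0)
```

Run with `--staged` from a pre-commit hook to scan the real index; without it the constructed sample is scanned, which yields the AWS key, the connection-string password and the high-entropy internal API key while skipping the `changeme` placeholder and the `${VAULT_TOKEN}` reference. The entropy gate is what makes the generic rule usable: it is the difference between flagging every `password = "..."` in a test fixture and flagging only values that look like real key material.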
Excessive Permissions Enable NHI Exploitation
The GitGuardian report found that excessive permissions make secret leaks significantly more dangerous. Analysis of GitHub and GitLab API tokens revealed that 99% of GitLab API keys carried excessive permissions, and 58% had full access. Similarly, 96% of GitHub tokens had write access, with 95% allowing full repository access.
This indicates organizations lack granular control over NHI permissions and systematic mechanisms to audit and restrict excessive permissions. NHI governance must include automated permission analysis, ensuring each NHI secret follows least-privilege and zero-trust principles.
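One concrete form of automated permission analysis, added here as an example and not part of the report: GitHub returns the scopes a classic personal access token carries in the `X-OAuth-Scopes` response header on any API call, so a governance job can fetch that header for every token it knows about, expand the scope hierarchy, and diff the result against what the NHI was provisioned to need. The scope hierarchy table below is a hand-maintained subset of GitHub's documented classic-token scopes, the "required" scope lists and header values are constructed, and the offline run uses those constructed values rather than a live API call.

```python
"""Least-privilege audit of GitHub classic PAT scopes (added example).

Input: the X-OAuth-Scopes header value GitHub returns for a classic token, and
the scopes the NHI is supposed to need. Output: excess scopes, missing scopes,
and whether the token carries full-repository or write access at all.
Fine-grained PATs do not expose this header and need a different check.
"""

# Parent scope -> scopes it implies. Hand-maintained subset of GitHub's classic
# scope hierarchy (an assumption for this example); extend as needed.
IMPLIES = {
    "repo": {"repo:status", "repo_deployment", "public_repo", "repo:invite", "security_events"},
    "admin:org": {"write:org"},
    "write:org": {"read:org"},
    "admin:repo_hook": {"write:repo_hook"},
    "write:repo_hook": {"read:repo_hook"},
    "write:packages": {"read:packages"},
    "user": {"read:user", "user:email", "user:follow"},
}

FULL_REPO_ACCESS = "repo"
# Scopes that let a token change something rather than read it (assumed list).
WRITE_SCOPES = {"repo", "public_repo", "write:org", "admin:org", "write:repo_hook",
                "admin:repo_hook", "write:packages", "workflow", "delete_repo"}


def expand(scopes):
    """Transitive closure of IMPLIES: the token's effective permission set."""
    effective, stack = set(), list(scopes)
    while stack:
        s = stack.pop()
        if s in effective:
            continue
        effective.add(s)
        stack.extend(IMPLIES.get(s, ()))
    return effective


def parse_scopes_header(header_value):
    """GitHub emits e.g. 'repo, read:org'; an empty header means no scopes."""
    return {s.strip() for s in header_value.split(",") if s.strip()}


def audit(header_value, required):
    """Diff a token's effective scopes against what the NHI actually needs."""
    granted = expand(parse_scopes_header(header_value))
    needed = expand(required)
    return {
        "excess": sorted(granted - needed),
        "missing": sorted(needed - granted),
        "full_repo_access": FULL_REPO_ACCESS in granted,
        "write_access": bool(granted & WRITE_SCOPES),
    }


# Constructed inventory: NHI name -> (header value seen for its token, scopes it needs).
# A real job would populate the first element from the API response headers.
SAMPLE_INVENTORY = {
    "ci-status-reporter": ("repo, admin:org, workflow", ["repo:status", "read:org"]),
    "dashboard-reader": ("repo:status, read:org", ["repo:status", "read:org"]),
}


def audit_inventory(inventory=SAMPLE_INVENTORY):
    """Audit every NHI and return only the ones that violate least privilege."""
    report = {}
    for name, (header, required) in inventory.items():
        result = audit(header, required)
        if result["excess"] or result["full_repo_access"]:
            report[name] = result
    return report


if __name__ == "__main__":
    for name, result in audit_inventory().items():
        print(f"{name}: full_repo={result['full_repo_access']} "
              f"write={result['write_access']} excess={result['excess']}")
```

To feed this from live data, capture the header with a request such as `curl -sI -H "Authorization: Bearer $TOKEN" https://api.github.com/user` and read the `x-oauth-scopes` line; the audit itself never needs the token value, only the scope list, so the job can run without the secret ever leaving the vault. In the constructed sample the CI status reporter, provisioned for `repo:status` and `read:org`, holds `repo`, `admin:org` and `workflow`, which expand to eight scopes it does not need, including full repository write access; the dashboard reader passes.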
The Future of NHI Governance
The report paints a stark picture of how poor NHI governance is fueling security risks in DevOps. The rapid growth of secrets exposure, excessive permissions, collaboration tool leaks, and AI-assisted coding risks all point to a single problem: The current approach to managing NHIs is reactive, fragmented, and incomplete.
To build a secure DevOps ecosystem, organizations must move beyond traditional secrets management and embrace end-to-end NHI governance. This includes:
■ Mapping NHI interdependencies to understand how machine identities interact.
■ Enforcing least privilege policies in an automatable way to eliminate excessive permissions.
■ Integrating security tooling that prevents secrets leakage, especially from AI-generated code.
■ Implementing automated secret rotation and NHI decommissioning.
The future of DevSecOps depends on a proactive, automated, and structured approach to NHI security. The report findings serve as a wake-up call: it’s time to redefine NHI governance as a first-class security priority.