AI Is the Newest Developer To Misunderstand Secrets In Your Git History
AI coding agents like Cursor, Claude Code, and Codex are repeating a classic developer mistake: when cleaning up hardcoded secrets, they commit a fix that removes the secret from HEAD but leave it intact in Git history. Security researchers found ~124,000 such partial remediations on GitHub. Proper remediation requires rotating the credential first, then rewriting Git history using tools like git-filter-repo, and force-pushing the cleaned history. GitGuardian's Agent Skills address this by teaching agents to scan full commit history before remediating, install pre-commit hooks, and use the GitGuardian MCP server to access incident context and validity status directly from the IDE.
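The gap between a clean HEAD and a clean history, as an added example (not code from the article or from GitGuardian): it builds a throwaway repository in which one commit hardcodes a secret and the next commit "fixes" it, then checks HEAD and the full history separately. The secret value, the file name `config.py` and all function names are constructed for illustration, and matching is a plain fixed-string search rather than a real secret detector.

```shell
#!/bin/sh
# Added example: a "fix" commit cleans HEAD but leaves the secret in history.
# DEMO_SECRET is a constructed placeholder, not a real credential.
DEMO_SECRET='EXAMPLE_API_KEY_0123456789abcdef'

# Commit staged changes with a throwaway identity (hypothetical helper).
demo_commit() {
    git -C "$1" -c user.name=demo -c user.email=demo@example.invalid \
        -c commit.gpgsign=false commit -q -m "$2"
}

# Build a temp repo: commit 1 hardcodes the secret, commit 2 "removes" it.
# Prints the repo path on stdout.
make_demo_repo() {
    repo=$(mktemp -d) || return 1
    git -C "$repo" init -q
    printf 'API_KEY = "%s"\n' "$DEMO_SECRET" > "$repo/config.py"
    git -C "$repo" add config.py
    demo_commit "$repo" 'add config'
    printf 'import os\nAPI_KEY = os.environ["API_KEY"]\n' > "$repo/config.py"
    git -C "$repo" add config.py
    demo_commit "$repo" 'remove hardcoded secret'
    printf '%s\n' "$repo"
}

# Exit 0 only if the fixed string $2 is present in the tree at HEAD.
head_has_secret() {
    git -C "$1" grep -q -F -e "$2" HEAD
}

# Print "<commit>:<path>" for every commit reachable from any ref
# whose tree still contains the fixed string $2.
history_hits() {
    git -C "$1" rev-list --all | while read -r commit; do
        git -C "$1" grep -l -F -e "$2" "$commit" || :
    done
}
```

Running `repo=$(make_demo_repo); history_hits "$repo" "$DEMO_SECRET"` prints one `<commit>:config.py` hit even though `head_has_secret` reports nothing, which is why the credential has to be rotated and the history rewritten rather than only patched at HEAD.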