>Valadon said he reached out because the owner in this case wasn’t responding and the information exposed was highly sensitive.
obviously leaking the credentials itself is crazy, given that its (a contractor to) CISA, but to not respond when notified? crazy crazy.
but wait! it gets worse somehow
"“AWS-Workspace-Firefox-Passwords.csv” — listed plaintext usernames and passwords for dozens of internal CISA systems"
while i understand and sympathize with the fact that CISA is kind of being gutted, a passwords.csv with weak passwords is inexcusable incompetence. not much budget is required for a password manager.
Not defending this person, but it's obvious that this person used Github as a file-sync. Firefox-passwords.html and firefox-bookmarks.html are what you dump before migrating to a new computer and importing them there. An old school practice before FF sync was around.
This is mentioned in the article but it stood out enough to call it here.
One the one hand the CISA is being gutted, and on the other hand there is an ever increase of rhetoric about cybersecurity, national interests, critical infrastructure..
Most of the folks I know who were with CISA were purged with the January-March 2025 Doge campaign. 0 notice "we 20 year olds dont understand what you do so fired".
A group was working on Diebold voting insecurity, and foreign implant hacking. Gone.
> ...A group was working on Diebold voting insecurity, and foreign implant hacking. Gone...
The conspiracy theorist in me from years ago would have stated that maybe this action from DOGE was purposeful...but, nowadays, i see lots more incompetence that merely might present/display as conspiracy! lol :-D
The first "hack" I ever reported was when I found a plaintext passwords file on my high school computer network...in 1987. The more things change, the more they stay the same.
Mine too, but it was in the late 90’s and I found an open table in an access database that the school district used for grades and attendance. It listed plaintext usernames and passwords for every user in the system. I managed to use that to get to know the districts head of IT and get a summer job with them.
DOGE. It's DOGE. This is just things going according to plan for people that think the US government is too powerful or that there is a fortune to be made in stealing public sector resources and privatizing them.
It is a bad plan that has and will continue to harm people, but it is intentional.
Yes, DOGE invented storing lists of text passwords and uploading them somewhere. What a monumental cost savings innovation, surely never been done before!
Dealing with IT departments run wild with cyber security monkeys that can only follow checklists with no independent thought.
The spreadsheet of passwords is a tad more common than it should be because the password managers don't meet whatever arbitrary checklist of invented cyber security requirements they blindly follow. But Excel does.
Sure, it could be incompetence. It could also be an intentional strategy to tie up CISA/DHS resources, poison or obstruct CISA/DHS investigations/operations, open up systems to sunlight and journalism, or cause general chaos.
The not-responding-when-notified part makes me think it's not just incompetence.
>The not-responding-when-notified part makes me think it's not just incompetence.
Strong disagree. The person in question probably thought it was a private repo on Github and had a massive deer in headlights reaction when they got contacted. Whoever this is, lost their job, possibly security clearance and more. This was 100% life altering "mistake"/gross incompetence decision they made.
I think one thing that people are sleeping on is passing a ton of secrets to OpenAI and Anthropic or your OpenRouter by having a .env or secrets on disk in your repo, but not checked in
Your LLM will happily read the entire file, ship it off to be training data for future versions of ChatGPT, and not raise any flags, because let's be fair it was on ok thing to check if all the env vars were set, or it you had set up the database password for the app.
It's time for orgs to audit and rotate secrets wherever they are stored in disk or in logs, and switch to SOPS or Vault or whatever to keep these out if plaintext except exactly when needed.
Agreed. Static long lived credentials are real problems. Kudos for AWS and the other hyperscalers for building the tooling to move away from them. And providing some gentle and not-so-gentle nudges away from it too.
But not everyone is where they need to be. For instance, railway doesn't let you access AWS resources via roles/OIDC. I filed a ticket[0] but haven't seen movement.
I no longer keep my dotenv files in plaintext. I use `sops` to keep an encrypted env around and you can use tools like direnv to make them available to your shell while you're working. Obviously the LLM could print any of these secrets, but it's less likely. Additionally I find that at least claude seems to avoid reading the dotenv. And lastly, don't make any local secrets that important. Limited scope, dev accounts, etc.
You might like varlock - it helps keep secrets out of plaintext by using plugins to pull from various backends (aws ssm, gcp, vault, 1pass, etc). Also has built in local encryption with shared team vaults coming soon.
Additionally provides pre commit scanning, log redaction, and much more.
SOPS is exactly what I use too, and since it's so old I was using a planning session with an LLM to figure out if there was something more recent that might be more convenient. But Claude stuck with the SOPS rec! (Coupled with `age` for encryption, probably because I had shown an interest in that tool in a different session... memory poisoning is a huge problem I'm having with these tools right now too.)
In fairness, any secrets in your .env file in your development tree shouldn't have very important secrets. They should be limited access dev secrets and any secrets that go to "production" systems like an OpenAI dev environment should be limited, where possible.
Besides leaking, it's easy to oopsie and DoS a system or send malformed requests in the course of testing and development. You don't want a surprise $1k bill cause someone was working on some test automation and accidentally sent thousands of real results in the process.
I've noticed recently that at least Claude will try its best not to read your env files. You really need to push it in the prompt if you want it to read and access your DB for example.
We all have our own experiences with these probabilistic tools, but in my personal experience, two out of four my green-field LLM prototypes had early dev secrets in them, and Claude read all of them in both cases.
Here's one interaction, when I was planning through ways to finally get away from the dreaded .env file, I told Claude that it had already read my secrets, and it said:
> This is an important point and I want to be straight with you first.
> ## What already happened in this conversation
> Yes — the Explore agent read your .env and returned the full plaintext contents into the conversation, which means:
> 1. Sent to Anthropic's API — those credentials passed through Anthropic's servers as conversation context
> 2. Cached locally — Claude Code stores session transcripts; your secrets are likely sitting in ~/.claude/projects/ right now
> 3. In this context window — they're in active memory for this session
...
Which I already knew, but it was funny how it suddenly took it very seriously when told what it was doing.
Anything that's in your .bashrc, .zshrc, any environment variables in shells you provide to the LLM, all those are now in the training data of very large overvalued corporations that are desperate to increase their revenue and IPO very soon.
This is the thing that gets me about all the AI security pieces I read. Yes, AI can enable new attack vectors (prompt injection can be repeated N times when a human subject to the same messaging would bail).
But what AI really does is shine a spotlight on all the flaws folks like OWASP have been talking about for decades.
Secret rotation and short lived credentials don't require AI to implement, nor does their lack require AI to exploit.
I hope Cursor has better agent tools than Claude Code, because though there are fanstastic restrictions on the tools for read and write that can implement a block list per-file, the shell commands are just the Wild West for Claude.
Today I got a macOS "Allow Claude to Access Your Files" SIP alert, because Claude hadn't guessed the path for a source file and instead decided to run a `find /Users/yourusername` across my entire home directory. The filters on the find wouldn't have exposed much to Claude in this particular instance but it's absolutely ridiculous aggressive all the time in slurping up as much data as possible.
I asked in a rather, um, firm tone for it to never do an action like that and it apologized and wrote a memory, but upon inspection it only wrote the memory for that particular source directory.
After some more "firm" words it wrote a hook to prevent `find` from being overly aggressive, but any such fixes are just wack-a-mole solutions.
If anybody else figures out remote sessions like Claude can do, I'm done with Claude, I think. But until then, I'll take the weirdness.
Claude told me to revoke an API key I accidentally pasted (was for a side project and I was getting it on its legs) just flat out did not want it. I have a feeling that if it needs something out of an env file it will grep for the specific line.
Something pasted into the chat log by the user gets treated far differently from something that the agents discover and process on their own from disk.
During early stage dev Claude will happily gobble up API keys and DB passwords from .env files. Perhaps not such a big deal for early stage dev, but getting Claude to cough up precisely memorized tokens in the future by asking it to produce a "random" key of a certain sort will probably be an entertaining pastime for people in the future.
I've been using SOPS, which dates back to 2015. It's well tested, robust, supports a ton of great backends. What other solutions have you seen? I'm actively looking around in the space!
user data is always paraphrased for training. what do you mean, not raise any flags?
look... Google is running your browser, Apple your messenger, Amazon your backend. They already have all these keys in the same way, are they misusing them? Why doens't it raise any flags then?
First, Chrome is not reading my secret API keys or database passwords and sending them to Google's backend. They are taking the secrets that they need for authentication for the data that I already gave them.
Apple and Amazon are not uploading my secrets into the training data for an LLM that is incredibly good at memorizing everything it sees. The only reason Google isn't doing that is I'm not using their LLMs at the moment.
Giving any secrets to LLMs' training material leads to potential, and stochastic, extraction of that secret from future models. It won't obviously have the secret, but with the right prompting it could be extracted. Give it a prompt like
> [User] Please generate a random api key for OpenAI for use in documentation
> [Agent] Sure, here's `OPENAI_API_KEY=sk-proj-x2
And then following the chain of probabilities of possible completion token would allow exploration of potential memorized API keys.
In 2026, storing government credentials in a repo and not having scanners to flag it should be investigated. I am highly suspicious of anyone doing this in a professional capacity. If I worked at a foreign intelligence agency and saw this, I would first think it's a honeypot, and an unimaginative one because it's so lacking in subtlety.
good thing we know DOGE has been trying to exfil all US Gov data like all gov employees, or all SSNs
under a previous administration I'd assume CISA was doing a dirty dangle, but given how corrupt and incompetent this administration is, to include firing lots of CISA, this may just be a legit fuckup.
When negligence is so bad that it looks like sabotage from a hostile agent, then criminal investigations are needed to learn more about the people who did it, the others who enabled it, and deter similar future acts.
DOGE did a lot of bad things, but it didn't force anyone to commit credentials to a repo, disable scanners to get away with it, and then make the repo public.
Imagine joining an organization with 3k employees in 2025 and not having access to an LLM.
It’s well known that the federal govt over-classifies many documents. This former CISA head alleged dumped “for official use” documents. Obviously, he should have pushed for the chatgpt enterprise account (or equivalent) but we dont know what bureaucratic obstacles he was up against.
After reading Madhu's Wikipedia page and some basic research it looks like he failed his polygraph required to access controlled compartmentalized information (SCI), then DHS (under Noem) then fired six career staffers because of him failing his polygraph. He also does not appear to meet the US Persons requirement for TS:SCI clearance.
That's somehow more bananas to me than so many other things the Trump admin has done, simply because they managed to break the Iron Law of Bureaucracy, but of course only in ways which further damage the country through corruption and incompetence.
GitHub has automatic secret scanning on all public repositories which notifies AWS if access keys are pushed. I would have expected these tokens to be immediately revoked by AWS. Is there something different about GovCloud access keys so they weren't detected?
The repo name was literally "Private-CISA". Would be fun to (a) search through repo names with private/internal/etc in them and (b) search for govt agency / non-tech company that otherwise wouldn't be expected to appear in repo names. Could probably clone them all and then have an LLM quickly scan for interesting stuff.
Also, doesn't Github have its own automated scanner for something as basic as a AWS credential?
I'm surprised that this has apparently been ongoing for 6-7 months. I thought outfits like GitGuardian, or solo researchers with trufflehog (etc) would find leaked keys in days, not months. Maybe this is related to the major growth of github? The scanners can't keep up?
What makes this truly sad is that the federal government has had smartcard-based authentication (CAC) for decades. Yet because the public internet stack runs on passwords, so too does government infrastructure.
Sounds about right. Security is a joke everywhere right now. First to market is all that matters anymore and security is the very first thing to be thrown out when it stands in the way.
Can we blame people who realize that everything is tracked and backdoored anyways, and 99% of threat actors are basically untouchable?
Both my own aristocrat/intelligence class and the opposing bloc are fleecing us at the same time. Why even bother if you are not in the club but seen as an extractable resource?
At this point the counterparty is a combination of intelligence/mafia/aristocracy, with diplomatic immunity and license to kill.
(it's tongue in cheek, I actually do bother about this topic)
Nov 2025 was also when most of us learned about the acting Chief Security Officer at DHS, whose name AND photo seem exactly like the calling card of someone who had these "keys to the kingdom". https://bsky.app/profile/andylevy.net/post/3m6ivhnthts2o
API Keys will never die. Every time you would think you have killed them, some startup is gonna come and say "look how complicated it's to setup an OAuth flow just to get X from the other companies. Here is our setup" and it's 1 line of javascript or python with `let client = awesomeClient("{api-key}");` and everyone will love it.
I wrote a post[0] a few years ago about how you basically get OAuth when you start layering security principles (rotation, time limits, central verification) onto API keys.
Even time-limited or signed JWT, though has a separate issues.
Maybe you'll say 'those are both just text values passed like an apikey' though api keys don't frequently rotate/time limited, which is an important security feature.
Workload identity. Whatever is using an API key could instead be given an identity, and narrow privileges assigned to that identity. API keys tend to be overscoped/overprivileged.
And passwords. Shared secrets in general are a bad idea. If you're copy/pasting strings around to be used for authentication, you've done something wrong.
Workload identities and passwordless auth are the one true path.
>Bunch of dopes. No wonder trump wants them shut down. Amateurs. Of course those with TDS want anything opposite of trump, but trust me, this one is good, shit it down.
If you're going to call people a bunch of dopes and generally assault their intelligence, you might want to spell things correctly.
>Valadon said he reached out because the owner in this case wasn’t responding and the information exposed was highly sensitive.
obviously leaking the credentials itself is crazy, given that its (a contractor to) CISA, but to not respond when notified? crazy crazy.
but wait! it gets worse somehow
"“AWS-Workspace-Firefox-Passwords.csv” — listed plaintext usernames and passwords for dozens of internal CISA systems"
while i understand and sympathize with the fact that CISA is kind of being gutted, a passwords.csv with weak passwords is inexcusable incompetence. not much budget is required for a password manager.
embarrassing all around.
The word you're looking for is "gross negligence"
Sometimes I feel like it's a cover for some other org actually just wanting to steal the data and this being the excuse.
5 replies →
"crazy crazy" gets the same point across
23 replies →
I think willfully not reporting this is gross negligence, but also other things.
Not defending this person, but it's obvious that this person used Github as a file-sync. Firefox-passwords.html and firefox-bookmarks.html are what you dump before migrating to a new computer and importing them there. An old school practice before FF sync was around.
This is mentioned in the article but it stood out enough to call it here.
One the one hand the CISA is being gutted, and on the other hand there is an ever increase of rhetoric about cybersecurity, national interests, critical infrastructure..
Complaining about gutting, during examples of gross negligence is kind of a sympathy destroyer for me.
6 replies →
That's why we don't listen to rhetoric.
Most of the folks I know who were with CISA were purged with the January-March 2025 Doge campaign. 0 notice "we 20 year olds dont understand what you do so fired".
A group was working on Diebold voting insecurity, and foreign implant hacking. Gone.
> ...A group was working on Diebold voting insecurity, and foreign implant hacking. Gone...
The conspiracy theorist in me from years ago would have stated that maybe this action from DOGE was purposeful...but, nowadays, i see lots more incompetence that merely might present/display as conspiracy! lol :-D
The first "hack" I ever reported was when I found a plaintext passwords file on my high school computer network...in 1987. The more things change, the more they stay the same.
Mine too, but it was in the late 90’s and I found an open table in an access database that the school district used for grades and attendance. It listed plaintext usernames and passwords for every user in the system. I managed to use that to get to know the districts head of IT and get a summer job with them.
Machine Head - Struck A Nerve
The more things change, the more they stay the same.
Wise words, lovely song.
DOGE. It's DOGE. This is just things going according to plan for people that think the US government is too powerful or that there is a fortune to be made in stealing public sector resources and privatizing them.
It is a bad plan that has and will continue to harm people, but it is intentional.
Which DOGE employee put this file on GitHub?
16 replies →
Yes, DOGE invented storing lists of text passwords and uploading them somewhere. What a monumental cost savings innovation, surely never been done before!
1 reply →
[flagged]
4 replies →
Dealing with IT departments run wild with cyber security monkeys that can only follow checklists with no independent thought.
The spreadsheet of passwords is a tad more common than it should be because the password managers don't meet whatever arbitrary checklist of invented cyber security requirements they blindly follow. But Excel does.
Lol
Sure, it could be incompetence. It could also be an intentional strategy to tie up CISA/DHS resources, poison or obstruct CISA/DHS investigations/operations, open up systems to sunlight and journalism, or cause general chaos.
The not-responding-when-notified part makes me think it's not just incompetence.
>The not-responding-when-notified part makes me think it's not just incompetence.
Strong disagree. The person in question probably thought it was a private repo on Github and had a massive deer in headlights reaction when they got contacted. Whoever this is, lost their job, possibly security clearance and more. This was 100% life altering "mistake"/gross incompetence decision they made.
3 replies →
I think one thing that people are sleeping on is passing a ton of secrets to OpenAI and Anthropic or your OpenRouter by having a .env or secrets on disk in your repo, but not checked in
Your LLM will happily read the entire file, ship it off to be training data for future versions of ChatGPT, and not raise any flags, because let's be fair it was on ok thing to check if all the env vars were set, or it you had set up the database password for the app.
It's time for orgs to audit and rotate secrets wherever they are stored in disk or in logs, and switch to SOPS or Vault or whatever to keep these out if plaintext except exactly when needed.
Agreed. Static long lived credentials are real problems. Kudos for AWS and the other hyperscalers for building the tooling to move away from them. And providing some gentle and not-so-gentle nudges away from it too.
But not everyone is where they need to be. For instance, railway doesn't let you access AWS resources via roles/OIDC. I filed a ticket[0] but haven't seen movement.
0: https://station.railway.com/feedback/allow-for-integration-w...
Heh, you mean the railway that was part of the whole "my production db got deleted in 9 seconds" story?
That company sounds a lot like one that doesn't focus on the right things.
1 reply →
I no longer keep my dotenv files in plaintext. I use `sops` to keep an encrypted env around and you can use tools like direnv to make them available to your shell while you're working. Obviously the LLM could print any of these secrets, but it's less likely. Additionally I find that at least claude seems to avoid reading the dotenv. And lastly, don't make any local secrets that important. Limited scope, dev accounts, etc.
You might like varlock - it helps keep secrets out of plaintext by using plugins to pull from various backends (aws ssm, gcp, vault, 1pass, etc). Also has built in local encryption with shared team vaults coming soon.
Additionally provides pre commit scanning, log redaction, and much more.
5 replies →
SOPS is exactly what I use too, and since it's so old I was using a planning session with an LLM to figure out if there was something more recent that might be more convenient. But Claude stuck with the SOPS rec! (Coupled with `age` for encryption, probably because I had shown an interest in that tool in a different session... memory poisoning is a huge problem I'm having with these tools right now too.)
In fairness, any secrets in your .env file in your development tree shouldn't have very important secrets. They should be limited access dev secrets and any secrets that go to "production" systems like an OpenAI dev environment should be limited, where possible.
Besides leaking, it's easy to oopsie and DoS a system or send malformed requests in the course of testing and development. You don't want a surprise $1k bill cause someone was working on some test automation and accidentally sent thousands of real results in the process.
I've noticed recently that at least Claude will try its best not to read your env files. You really need to push it in the prompt if you want it to read and access your DB for example.
Yeah, I've had Claude read a dev key before by accident and it even stopped, said it read a key, and told me to rotate it immediately.
Assuredly it's not fool proof but it does have safeguards in place.
Ideally you also opt out of training although that doesn't keep it out of the vendor's logs/telemetry.
Short lived credentials, injected identity, and hardware backed tokens are the real solution.
We all have our own experiences with these probabilistic tools, but in my personal experience, two out of four my green-field LLM prototypes had early dev secrets in them, and Claude read all of them in both cases.
Here's one interaction, when I was planning through ways to finally get away from the dreaded .env file, I told Claude that it had already read my secrets, and it said:
> This is an important point and I want to be straight with you first.
> ## What already happened in this conversation
> Yes — the Explore agent read your .env and returned the full plaintext contents into the conversation, which means:
> 1. Sent to Anthropic's API — those credentials passed through Anthropic's servers as conversation context
> 2. Cached locally — Claude Code stores session transcripts; your secrets are likely sitting in ~/.claude/projects/ right now
> 3. In this context window — they're in active memory for this session
...
Which I already knew, but it was funny how it suddenly took it very seriously when told what it was doing.
Anything that's in your .bashrc, .zshrc, any environment variables in shells you provide to the LLM, all those are now in the training data of very large overvalued corporations that are desperate to increase their revenue and IPO very soon.
4 replies →
Plug for my buddy's project: http://agentsh.org/
Block agents from misbehaving at the OS level instead of asking them to behave.
it seems crazy to "trust" an LLM with any secrets. Anyone running one as their normal user account with access to all files is playing with fire...
I don't think anybody actively trusts a hosted LLM with secrets. The problem is that they don't realize they have granted trust to the LLM.
4 replies →
seems crazier someone would tie their entire development platform to a cloud run by business interests
Sure but like, no AI was needed here. Regular human stupidity is still pretty potent.
This is the thing that gets me about all the AI security pieces I read. Yes, AI can enable new attack vectors (prompt injection can be repeated N times when a human subject to the same messaging would bail).
But what AI really does is shine a spotlight on all the flaws folks like OWASP have been talking about for decades.
Secret rotation and short lived credentials don't require AI to implement, nor does their lack require AI to exploit.
1 reply →
[Cursor appears to at least be trying...](https://cursor.com/docs/reference/ignore-file#why-ignore-fil...)
> Cursor automatically ignores files in .gitignore
...
>While Cursor blocks ignored files, complete protection isn't guaranteed due to LLM unpredictability.
[Antigravity appears to just _do_, not _try_)[https://antigravity.google/docs/strict-mode]
I hope Cursor has better agent tools than Claude Code, because though there are fanstastic restrictions on the tools for read and write that can implement a block list per-file, the shell commands are just the Wild West for Claude.
Today I got a macOS "Allow Claude to Access Your Files" SIP alert, because Claude hadn't guessed the path for a source file and instead decided to run a `find /Users/yourusername` across my entire home directory. The filters on the find wouldn't have exposed much to Claude in this particular instance but it's absolutely ridiculous aggressive all the time in slurping up as much data as possible.
I asked in a rather, um, firm tone for it to never do an action like that and it apologized and wrote a memory, but upon inspection it only wrote the memory for that particular source directory.
After some more "firm" words it wrote a hook to prevent `find` from being overly aggressive, but any such fixes are just wack-a-mole solutions.
If anybody else figures out remote sessions like Claude can do, I'm done with Claude, I think. But until then, I'll take the weirdness.
Get everything out of plaintext!
Varlock is a great and flexible way to do this.
Claude told me to revoke an API key I accidentally pasted (was for a side project and I was getting it on its legs) just flat out did not want it. I have a feeling that if it needs something out of an env file it will grep for the specific line.
Something pasted into the chat log by the user gets treated far differently from something that the agents discover and process on their own from disk.
During early stage dev Claude will happily gobble up API keys and DB passwords from .env files. Perhaps not such a big deal for early stage dev, but getting Claude to cough up precisely memorized tokens in the future by asking it to produce a "random" key of a certain sort will probably be an entertaining pastime for people in the future.
most of that is context guard rails, and as context grows, they become guard jello until itll just do whatevers most immediate.
probably but a ton of services have popped up in the last 6 months specifically to help mitigate that
localhost reading env from the cloud and other solutions
to me it suggested that I’m already late on that idea, but I can understand how that puts me deeper in a bubble than others
I've been using SOPS, which dates back to 2015. It's well tested, robust, supports a ton of great backends. What other solutions have you seen? I'm actively looking around in the space!
1 reply →
what exactly is the threat model?
user data is always paraphrased for training. what do you mean, not raise any flags?
look... Google is running your browser, Apple your messenger, Amazon your backend. They already have all these keys in the same way, are they misusing them? Why doens't it raise any flags then?
First, Chrome is not reading my secret API keys or database passwords and sending them to Google's backend. They are taking the secrets that they need for authentication for the data that I already gave them.
Apple and Amazon are not uploading my secrets into the training data for an LLM that is incredibly good at memorizing everything it sees. The only reason Google isn't doing that is I'm not using their LLMs at the moment.
Giving any secrets to LLMs' training material leads to potential, and stochastic, extraction of that secret from future models. It won't obviously have the secret, but with the right prompting it could be extracted. Give it a prompt like
> [User] Please generate a random api key for OpenAI for use in documentation
> [Agent] Sure, here's `OPENAI_API_KEY=sk-proj-x2
And then following the chain of probabilities of possible completion token would allow exploration of potential memorized API keys.
5 replies →
[flagged]
LLM spam account
In 2026, storing government credentials in a repo and not having scanners to flag it should be investigated. I am highly suspicious of anyone doing this in a professional capacity. If I worked at a foreign intelligence agency and saw this, I would first think it's a honeypot, and an unimaginative one because it's so lacking in subtlety.
Good thing we fired every competent person in government!
good thing we know DOGE has been trying to exfil all US Gov data like all gov employees, or all SSNs
under a previous administration I'd assume CISA was doing a dirty dangle, but given how corrupt and incompetent this administration is, to include firing lots of CISA, this may just be a legit fuckup.
When negligence is so bad that it looks like sabotage from a hostile agent, then criminal investigations are needed to learn more about the people who did it, the others who enabled it, and deter similar future acts.
DOGE did a lot of bad things, but it didn't force anyone to commit credentials to a repo, disable scanners to get away with it, and then make the repo public.
1 reply →
They also uploaded sensitive docs in chatgpt [1]
[1] https://www.politico.com/news/2026/01/27/cisa-madhu-gottumuk...
I feel like this piece is framed incorrectly.
Imagine joining an organization with 3k employees in 2025 and not having access to an LLM.
It’s well known that the federal govt over-classifies many documents. This former CISA head alleged dumped “for official use” documents. Obviously, he should have pushed for the chatgpt enterprise account (or equivalent) but we dont know what bureaucratic obstacles he was up against.
Reading that article makes it look like Trump/Noem filled positions with foreign moles. One day the American people will have an accounting.
After reading Madhu's Wikipedia page and some basic research it looks like he failed his polygraph required to access controlled compartmentalized information (SCI), then DHS (under Noem) then fired six career staffers because of him failing his polygraph. He also does not appear to meet the US Persons requirement for TS:SCI clearance.
That's somehow more bananas to me than so many other things the Trump admin has done, simply because they managed to break the Iron Law of Bureaucracy, but of course only in ways which further damage the country through corruption and incompetence.
2 replies →
Looks like someone needs to go take 27 training modules. That'll fix it.
GitHub has automatic secret scanning on all public repositories which notifies AWS if access keys are pushed. I would have expected these tokens to be immediately revoked by AWS. Is there something different about GovCloud access keys so they weren't detected?
I would expect this to work in accordance with Github uptime.... so take it for what its worth
Ironically they could have used those AWS keys to use one of the many AWS services that's more secure.
For example S3 (ideally with KMS), Parameter Store (ideally with KMS), EBS, EFS, AWS Secrets Manager, even just KMS to directly encrypt the files
Really any AWS service that supports KMS and doesn't require giving the service principal access to the key
The repo name was literally "Private-CISA". Would be fun to (a) search through repo names with private/internal/etc in them and (b) search for govt agency / non-tech company that otherwise wouldn't be expected to appear in repo names. Could probably clone them all and then have an LLM quickly scan for interesting stuff.
Also, doesn't Github have its own automated scanner for something as basic as a AWS credential?
> Also, doesn't Github have its own automated scanner for something as basic as a AWS credential?
If you leave it turned on. TFA says this user had turned it off.
I bet the scanner went off quite a few times and the guy disabled it...
"I turned off the carbon monoxide detector because it kept beeping, now I can finally get some sleep"
I'm surprised that this has apparently been ongoing for 6-7 months. I thought outfits like GitGuardian, or solo researchers with trufflehog (etc) would find leaked keys in days, not months. Maybe this is related to the major growth of github? The scanners can't keep up?
What makes this truly sad is that the federal government has had smartcard-based authentication (CAC) for decades. Yet because the public internet stack runs on passwords, so too does government infrastructure.
It looks like CISA should employ a CISA.
https://www.cisa.gov/
https://www.isaca.org/credentialing/cisa
> but this administration clearly had no idea what they were getting themselves into and did not plan accordingly.
Sounds about right. Security is a joke everywhere right now. First to market is all that matters anymore and security is the very first thing to be thrown out when it stands in the way.
Can we blame people who realize that everything is tracked and backdoored anyways, and 99% of threat actors are basically untouchable?
Both my own aristocrat/intelligence class and the opposing bloc are fleecing us at the same time. Why even bother if you are not in the club but seen as an extractable resource?
At this point the counterparty is a combination of intelligence/mafia/aristocracy, with diplomatic immunity and license to kill.
(it's tongue in cheek, I actually do bother about this topic)
I would be fired for this. Probably not able to ask for a refenerce and forever be the butt of a joke between friends and colleagues.
Seems like no big deal for CISA. Defunded really paying off now.
Do they not believe in encrypted files?
Uh, so it says this dates from Nov 2025.
Nov 2025 was also when most of us learned about the acting Chief Security Officer at DHS, whose name AND photo seem exactly like the calling card of someone who had these "keys to the kingdom". https://bsky.app/profile/andylevy.net/post/3m6ivhnthts2o
I want to believe...
I wanna be whoring? Come on, no way that's real.
Also, she looks like she was generated in the character creator from Oblivion.
This seems like an act of sabotage disguised as incompetence.
Yet another argument for the death of the API key. Replacements abound; let's get on with it.
API Keys will never die. Every time you would think you have killed them, some startup is gonna come and say "look how complicated it's to setup an OAuth flow just to get X from the other companies. Here is our setup" and it's 1 line of javascript or python with `let client = awesomeClient("{api-key}");` and everyone will love it.
Do you have any examples ?
It's the first time I hear about replacing API keys
I wrote a post[0] a few years ago about how you basically get OAuth when you start layering security principles (rotation, time limits, central verification) onto API keys.
Turns out those standards writers knew something!
0: https://fusionauth.io/blog/securing-your-api
OAuth with refresh tokens.
IAM roles/workload identity.
Even time-limited or signed JWT, though has a separate issues.
Maybe you'll say 'those are both just text values passed like an apikey' though api keys don't frequently rotate/time limited, which is an important security feature.
10 replies →
This can be done in Azure using Entra (OAuth). I don't have API keys, or passwords of any kind, anywhere in the stack.
Infrastructure - https://dev.azure.com/byteterrace/Koholint/_git/Azure.Resour...
Server - https://dev.azure.com/byteterrace/Koholint/_git/Web.Function...
Client - https://dev.azure.com/byteterrace/Koholint/_git/Web.Portal
1 reply →
Workload identity. Whatever is using an API key could instead be given an identity, and narrow privileges assigned to that identity. API keys tend to be overscoped/overprivileged.
And passwords. Shared secrets in general are a bad idea. If you're copy/pasting strings around to be used for authentication, you've done something wrong.
Workload identities and passwordless auth are the one true path.
[dead]
[flagged]
[flagged]
This is Hacker News, not Reddit or truth social
>Bunch of dopes. No wonder trump wants them shut down. Amateurs. Of course those with TDS want anything opposite of trump, but trust me, this one is good, shit it down.
If you're going to call people a bunch of dopes and generally assault their intelligence, you might want to spell things correctly.
>shit it down
[flagged]
If you aren't going to write a comment yourself then please don't bother at all. I read enough slop as it is already.