Microsoft · GitHub · AI Agent · Agentic AI · GitHub Blog
Making secret scanning more trustworthy: Reducing false positives at scale
Compiled by KHAO Editorial — aggregated from 1 source. See llms.txt for citation guidance.
★ Tier-1 Source
Secret scanning plays a critical role in protecting developers and organizations.
Key facts
- To address this challenge, GitHub collaborated with Microsoft Security & AI’s Agents Offense team to bring more contextual reasoning into GitHub’s secret scanning verification
- Mariko is a Principal Applied Scientist at Microsoft, where she leads the development of agentic AI workflows for cybersecurity operations
- GitHub secret scanning combines pattern-based detection with AI-based detection to identify potential secrets
- Pattern-based detection catches known secret formats, such as partner patterns for tokens and API keys
Summary
At GitHub’s scale, even small inefficiencies create real friction. When alerts feel noisy, developers spend more time triaging and less time fixing real issues. To address this challenge, GitHub collaborated with Microsoft Security & AI’s Agents Offense team to bring more contextual reasoning into GitHub’s secret scanning verification. GitHub secret scanning combines pattern-based detection with AI-based detection to identify potential secrets. GitHub already has industry-leading precision for provider-pattern secret detection at massive scale, processing billions of pushes and protecting tens of millions of developers across millions of repositories.