Truffle Security (@trufflesec) 's Twitter Profile
Truffle Security

@trufflesec

The TruffleHog company

We find credentials, with open source

tiktok.com/@trufflesecuri…
youtube.com/c/TruffleSecur…

ID: 1081974201781694464

https://trufflesecurity.com

06-01-2019 18:02:06

405 Tweet

4,4K Followers

1 Following

Truffle Security (@trufflesec) 's Twitter Profile Photo

🐷 Under the Hood of TruffleHog! ⚡ Part 1 of 2: How Aho-Corasick + CPU optimizations deliver 11-17% faster scans with precomputed keyword matching. 🚀 👉 trufflesecurity.com/blog/under-the…

Truffle Security (@trufflesec) 's Twitter Profile Photo

🔍Webinar: Are LLMs teaching devs to hardcode API keys? 🔑 We tested 10 LLMs & most recommend hardcoding credentials, even in tools like VS Code & ChatGPT 📅 Join us on 2/20 to learn more about the risks & how to stay secure: trufflesecurity.com/webinars/are-l…

Truffle Security (@trufflesec) 's Twitter Profile Photo

Removing Jeff Bezos from my bed - Do you expect to find an AWS key in your bed? We found one, and we removed it. We’re sleeping great now. 🔗trufflesecurity.com/blog/removing-…

Truffle Security (@trufflesec) 's Twitter Profile Photo

We scanned 400TB of DeepSeek’s training data & found: 🚨 ~12K live API keys & passwords 🌐 2.76M affected pages 🔄 One key appeared 57K+ times 🔑 219 secret types (AWS root keys, Slack webhooks, etc.) 🔗 Full research: trufflesecurity.com/blog/research-…

Truffle Security (@trufflesec) 's Twitter Profile Photo

🔥 You can now add TruffleHog to Burp Suite! 🌐 Install it directly from the BApp Store 🔍Scan web traffic for live, verified credentials—active & exploitable Because secrets don’t just leak in code… 😬 Big Thanks to PortSwigger ! 🙌 🔗trufflesecurity.com/blog/introduci…

Truffle Security (@trufflesec) 's Twitter Profile Photo

🚨 Are LLMs teaching devs to hardcode API keys? 🔑 🔍Our research shows most AI coding assistants recommend insecure practices. Our on-demand webinar highlights the risks, their impact in IDEs like VS Code, & how to stay secure! 📺 Watch now: trufflesecurity.com/webinars/are-l…

Truffle Security (@trufflesec) 's Twitter Profile Photo

🐷Want the latest on TruffleHog, security research, news, and events? 🔐 Stay up-to-date with our newsletter. 🔗 Sign up here: trufflesecurity.com/newsletter

Resourcely (@resourcely) 's Twitter Profile Photo

On episode 2 of Security Wisdom, Travis McPeak was joined by Dylan of Truffle Security, where they covered crafting compelling security narratives. Get the full episode here: resourcely.io/post/security-…

Tal Be'ery (@talbeerysec) 's Twitter Profile Photo

The $64k Bounty: Automating secret extraction from GitHub to win $64K in bounties. Loved the way Sharon glued his GitHub internals knowledge, existing tools (Truffle Security trufflehog), cloud and AI to automate at scale. medium.com/@sharon.brizin…

Dylan (@insecurenature) 's Twitter Profile Photo

Tomorrow I'll be speaking at BSidesSF at 11:15am. The topic? Aligning light weight AI models to become self replicating ransomware worms. Join me on the IMAX.

Dylan (@insecurenature) 's Twitter Profile Photo

I asked Maya Kaczorowski (former Senior Director GitHub) about her thoughts about GitHub's identity system. Personally I think managing identity in GitHub is clear as mud.

Truffle Security (@trufflesec) 's Twitter Profile Photo

🔍Accessing 15 million "Permanently deleted" commits at scale across GitHub. 🔗A guest post by Sharon Brizinov: trufflesecurity.com/blog/guest-pos…

Truffle Security (@trufflesec) 's Twitter Profile Photo

Think secrets are gone after a force push? Think again. 🔍We built Force Push Scanner to find secrets in dangling GitHub commits. 🙀Millions are still exposed. 🔗 trufflesecurity.com/blog/how-to-sc…

Truffle Security (@trufflesec) 's Twitter Profile Photo

🔐 8,437 #GCP images. 147M files. 0 live secrets. ☁️ GCP’s strict image controls show clear results vs. #AWS & #Azure. 🔗 Full CloudQuarry report: trufflesecurity.com/blog/guest-pos…
