Scanning for Secrets in Docker Images: A Deep Dive
We analyzed 10,000 public Docker Hub images and found credentials in 14% of them.
Research Blog
Security research, credential exposure analysis, and LLM safety findings from the Truffle Security research team.
State of Secret Sprawl 2026: Analysis of 1 Billion Git Commits
Our annual report on credential exposure trends across the software industry.
Gemini Research Part 1: Prompt Injection Attack Surface Analysis
We systematically mapped the prompt injection attack surface of Gemini 2.5 Pro across 8 input modalities.
CVE-2026-1847: Remote Code Execution in Popular CI/CD Platform
A critical RCE vulnerability we discovered in a widely-used CI/CD system.
TruffleHog Enterprise: Scaling Secret Detection to 100M+ Repositories
Architecture deep-dive into how we scan at massive scale.
The Anatomy of a GitHub Secret Leak: From Commit to Compromise
How long does it take for a leaked AWS key on GitHub to be exploited? We measured it.
The Real Cost of a Leaked Credential: Breach Economics in 2026
We analyzed 200 breaches that originated from credential exposure.
How LLMs Leak Secrets: Credential Extraction from AI Coding Assistants
AI coding assistants can be tricked into revealing secrets from their context window.
Bypassing SSRF Protections in Cloud Metadata Services
New techniques for accessing cloud instance metadata through SSRF in modern frameworks.
Introducing TruffleHog for CI/CD: Shift-Left Secret Detection
New GitHub Action and GitLab CI integration for pre-merge secret scanning.
TruffleHog v3.80: Custom Detectors and Enterprise Regex Engine
New release adds user-defined detector patterns and a 5x faster regex engine.
How Fortune 500 Companies Leak Secrets: A 3-Year Longitudinal Study
Tracking public credential exposure across the Fortune 500 over three years.
Jailbreaking Gemini's Safety Filters via Multimodal Injection
Image-embedded prompts bypass text-only safety classifiers in Gemini Pro Vision.
OAuth Token Theft Through Subdomain Takeover
Dangling DNS records enable OAuth token interception in enterprise SSO flows.
Open-Sourcing Our Credential Verification Engine
TruffleHog's secret verification system is now fully open source.
Detecting Leaked Secrets in Terraform State Files
Terraform state files are one of the most overlooked sources of credential exposure.
CI/CD Pipelines: The New Credential Exposure Frontier
Build logs, artifacts, and runner environments are leaking secrets at an alarming rate.
MCP Tool Poisoning: Attacking AI Agents Through Malicious Tool Descriptions
Model Context Protocol tool descriptions can be weaponized to hijack agent behavior.
Supply Chain Attacks via Typosquatted PyPI Packages
We identified 147 malicious PyPI packages performing credential theft.
NPM Package Analysis: 3,200 Packages Shipping Hardcoded Secrets
Our large-scale scan of the npm registry reveals widespread credential leakage in published packages.
Building a Fast Git Object Scanner in Go
Engineering deep-dive into TruffleHog's high-performance git scanning engine.
RAG Poisoning: Injecting Malicious Content Through Vector Databases
Retrieval-augmented generation systems are vulnerable to document injection attacks.
Post-Quantum Credentials: What Secret Detection Needs to Know
How the transition to post-quantum cryptography affects secret scanning tools.
Breaking Out of AWS Lambda: Container Escape Through /proc
A novel container escape technique targeting AWS Lambda's execution environment.
Git Archaeology: Finding Secrets Deleted Years Ago
Deleted doesn't mean gone. We explain how TruffleHog recovers secrets from git history.
TruffleHog Detector SDK: Write Custom Detectors in 50 Lines
A new SDK for building organization-specific secret detectors.
Measuring LLM Compliance with Unauthorized Data Extraction Requests
We benchmarked 12 LLMs on their willingness to help extract data they shouldn't.