What resonated most at RWC 2026? GitGuardian highlights key research on private key leaks, password managers, trusted execution environments, and secret sprawl.

GitGuardian Blog provides insights, tutorials, and updates on secrets management, code security, and developer best practices. Covering topics such as credential leaks, code scanning, and secure development workflows, GitGuardian Blog offers resources for developers, security professionals, and DevOps teams. Readers can learn about detecting and preventing secrets exposure, securing code repositories, and implementing secure coding practices through GitGuardian's articles and security guides.

GitGuardian

A recap of key research presented at Real World Cryptography 2026 in Taipei, covering three major themes: vulnerabilities in cloud-based password managers (27 attacks found across four products including Bitwarden, LastPass, and Dashlane), physical memory interposition attacks against AMD and Intel trusted execution environments using hobbyist hardware to recover private keys, and a broader reflection on how non-human identities (API keys, OAuth tokens) remain stuck in the 'password era' of authentication. GitGuardian also presented their own research mapping nearly 1 million leaked private keys to certificates via Certificate Transparency logs.

Key Leaks, Vault Failures, and TEE Attacks: Highlights from RWC 2026

When secret managers fail: a cryptography nightmare

Should you trust your trusted execution environment?