Detection Engine Updates Version 2.165

  Release Date: June 9, 2026

This release of the GitGuardian detection engine adds new detectors for Stitch API Key, ActiveMQ Credentials, Instantly API Key, Gitea Access Token, Fal.ai API Key, SurrealDB Cloud JWT Token, Kimi API Key, and Wiz OAuth Credentials. It also introduces new validity checkers — several with custom-host support — for Okta Token, Okta OAuth Credentials, Azure Communication Services Connection String, Azure Storage Account Key, AWS Cognito OAuth 2.0 Credentials, LaunchDarkly SDK Key, Pulumi Access Token, and the Python Package Index Key. A number of existing checkers were upgraded to keep pace with provider changes: AWS IAM Keys now check all AWS regions, Sumo Logic gains the Switzerland and Korea deployments (dropping the retired India endpoint), and Supabase, Vultr, Baidu AI, and SAP OAuth Credentials were updated for revised endpoints and validity handling.

Notable precision improvements (measured on internal benchmarks):

• azure_active_directory_api_keys: significant reduction in false positives.

New Detectors

• Stitch Api Key: [Detector-builder] Add a detector for Stitch Api Key
• ActiveMQ Credentials: Add a new detector for ActiveMQ Assignment.
• Instantly API Key: Add a new detector for Instantly API Key.
• Gitea Access Token: Add a new detector for Gitea Access Token.
• Fal.ai API Key: Add a new detector for Fal.ai API Key.
• SurrealDB Cloud JWT Token: Add a new detector for SurrealDB Cloud JWT Token.
• Kimi API Key: Add a new detector for Kimi API Key.
• Wiz OAuth Credentials: Add a new detector for Wiz OAuth Credentials.

Detector Updates

• AWS IAM Keys: Update the AWS IAM checker to check all AWS regions.
• Okta Token: Add a new checker for Okta Token with custom_host_support.
• Okta Keys: Add a new checker for Okta OAuth Credentials with custom_host_support.
• Okta Keys: Add a new checker for Okta OAuth Credentials with custom_host_support.
• Azure Communication Services Connection String: Add a new checker for Azure Communication Services Connection String.
• Microsoft Azure Storage Account Key: Add a new checker for Azure Storage Account Key with custom_host_support.
• AWS Cognito OAuth 2.0 Credentials: Add a new checker for AWS Cognito OAuth credentials with custom host support.
• LaunchDarkly SDK Key: Add a new checker for LaunchDarkly SDK Key.
• Azure Active Directory API Keys: Update the matchers to improve detection accuracy.
• Pulumi Access Token: Add a new checker for Pulumi Access Token.
• Sumo Logic Keys: Remove the non-existent India endpoint and add the Switzerland and Korea deployments.
• Supabase API Key: Return invalid when the project no longer exists, while keeping failed to check on a transient outage.
• Python Package Index Key: Add a checker validating PyPI API tokens against pypi.org and test.pypi.org
• Vultr Key: Migrate the checker to the Vultr v2 API as the v1 endpoint was removed.
• Baidu AI API Key: Use the chat/completions endpoint as the model listing endpoint no longer authenticates API keys.
• SAP OAuth Credentials: Treat a 404 from a non-existent tenant as invalid instead of failed to check.