Skip to main content

Data security and privacy

Alpha

The GitGuardian Agent is currently in private alpha. Features and behavior may change. Contact us at support@gitguardian.com or reach out to your CSM or account manager to request access.

The GitGuardian Agent is designed with security and privacy as core principles. This page explains how your data is handled when interacting with the Agent.

Secret redaction

Sensitive values such as the secret itself are always redacted before being sent to the AI model. The Agent does not need to see the actual secret to provide threat analysis or remediation guidance. Only metadata about the incident (type, severity, locations, status) is shared with the model.

AI infrastructure

The GitGuardian Agent is powered by Amazon Bedrock, a fully managed AI service provided by AWS. Amazon Bedrock allows GitGuardian to leverage large language models while maintaining strict control over your data.

Your data is never used for model training

Inputs and outputs sent through Amazon Bedrock are never used to train or improve the underlying AI models. This is a core guarantee of the Amazon Bedrock service:

  • Your prompts and the Agent's responses are not shared with any model provider.
  • No customer data is used to train, retrain, or improve base models.
  • Model providers have no access to your data at any point.

See Amazon Bedrock Data Protection for details.

Your data is not persisted by the model provider

Amazon Bedrock does not store or log your prompts and responses. Your data passes through the model for inference and is not retained by Amazon Bedrock or the model provider after the response is generated.

See Security, Privacy, and Responsible AI — Amazon Bedrock for details.

Encryption

All data exchanged with Amazon Bedrock is encrypted:

  • In transit: All communications between GitGuardian and Amazon Bedrock are encrypted using TLS.
  • At rest: Any data stored on the GitGuardian side is encrypted at rest using industry-standard encryption. Amazon Bedrock supports customer-managed encryption keys through AWS Key Management Service (KMS).

See Amazon Bedrock Data Protection for details on encryption guarantees.

What data is sent to the model

When you interact with the Agent, the following data may be sent to the AI model for processing:

  • Your message: The question or request you type in the Agent interface.
  • Incident context: Details about the incident you are viewing, such as the secret type, severity, locations, and status. This context allows the Agent to provide relevant and tailored responses.
  • Conversation history: Previous messages in the current conversation, so the Agent can maintain context across follow-up questions.

As described in Secret redaction above, actual secret values are always redacted before being sent to the model.

Last updated on

Something we didn’t cover?

See our Roadmap

Subscribe on GitHub

Submit a request

API status