Release Date: May 21, 2026

Developers are writing more code than ever with Claude Code, Cursor, and other AI assistants - and a lot of that code touches secrets. The new open-source GitGuardian/agent-skills repository ships skills that teach those agents how to use ggshield: when to scan, how to read findings, and how to walk the developer through remediation.

What's in it?

• Claude Code plugin: a one-command install (/plugin install ggshield) that makes the skill available to Claude Code - the agent invokes it when the developer asks to scan, validate a token, or remediate a leaked credential.
• Cursor rules & commands: the same skill packaged for Cursor, exposing the ggshield workflow so the agent can call it on demand.
• Defense in depth (optional): layer the ggshield agent hook on top (ggshield install -t claude-code) - unlike the skill, the hook runs automatically and scans every prompt, tool call, and tool output from inside the agent.

Why is this important?

We are meeting developers where they already are - no new tool to adopt, no workflow change. When the developer brings up secret scanning, key validation, or a leaked credential, the agent now knows to reach for ggshield, how to interpret the findings, and how to guide remediation in context. Pair it with the ggshield hook for fully automated, agent-side scanning. Either way, fewer secrets slip through AI-assisted development - with zero friction added to the developer's day.

Get Started Today!

The repository is public, MIT-licensed, and ready to demo:

• Browse the skills on GitHub
• Install the Claude Code plugin with /plugin install ggshield
• Or drop the Cursor rules into your .cursor/ directory

Contributions and feedback are welcome - open an issue or a pull request on the repo.

Enhancements​

• Sources health management — Jira Data Center: GitGuardian now pauses real-time ingestion and historical scans on unreachable Data Center sources, auto-resumes them once health is restored, and surfaces an actionable recovery step. Rolling out to more integrations in upcoming releases. See the Data Center integration guide.
• Jira Cloud - recurrent scanning instead of webhooks: Jira Cloud monitoring now relies on scheduled recurrent scans instead of inbound webhooks. See the Jira Cloud integration guide.
• VCS - scan orphaned commits and Git notes in historical scans: Historical scans on Version Control Systems now fetch every reference the remote exposes - pull/merge request refs, Git notes, GitLab keep-around refs, Gerrit change refs, and any other custom namespace - on top of standard branches and tags. Secrets in closed PRs, force-pushed history, and Git notes are no longer blind spots. See Manage your monitored perimeter.

Fixes​

• Perimeter: Fixed an issue where unmonitored sources were incorrectly displayed as deleted in the user interface.

  Release Date: April 10, 2026

AI coding assistants like Cursor, Claude Code, and GitHub Copilot can now read files, run shell commands, and call external tools during a session. That makes them powerful, but it also means secrets can be exposed before code ever reaches a repository or CI pipeline. ggshield now scans AI interactions in real time and blocks secrets before they are sent to a model or executed.

What does this mean for you?

• Prompt scanning: Secrets in your prompts are caught before they reach the AI model.
• Tool call protection: File reads, shell commands, and MCP calls are scanned before the AI assistant executes them.
• Post-action alerts: If a tool output contains secrets, you get a desktop notification so you can act immediately.
• Simple setup: A single ggshield install command configures hooks for your tool of choice.

Why is this important?

Prompts, local file access, shell output, and MCP tool calls sit outside the controls that protect repositories and CI pipelines. A developer might paste an API key while debugging, or an AI agent might read a .env file and pass credentials to a model provider. These interactions are invisible to most security programs today. Secret scanning at the hook level closes that gap, giving security teams visibility and control over what flows through AI-assisted development workflows.

Get started

1. Make sure you have ggshield 1.49.0 or later installed
2. Run ggshield install -t <tool> -m global where <tool> is cursor, claude-code, or copilot
3. Start coding: ggshield will automatically scan prompts and tool calls in the background

Check out the full setup guide to learn more.

---

Enhancements​

• Risk Score: Shipped an updated model that improves separation between low-risk noise and higher-priority findings; some incident scores may shift. Learn more.
• Saved views: The Critical saved view is now the default when you open the Internal Monitoring incidents page. Learn more.
• Public API:
  • Added privacy mode support, allowing users to control secret content visibility when retrieving secrets via API endpoints. Learn more.
  • Added new endpoints to trigger and cancel historical scans programmatically, enabling integration of scan management into automated workflows. Learn more.
  • Added severity_rule_id and detector category to the incident response - for both internal and public secret incidents.
  • Added a new GET /v1/severity-rules endpoint to list severity rules.
• Authentication: The SSO domain is now remembered after logout, allowing users to reconnect with a single click instead of re-entering their domain each time.
• Public exposure: "Found outside perimeter" leak details are now visible to all customers, regardless of Public Monitoring subscription. This allows users to better assess and qualify the signal as we continue to improve the reliability of this detection. Access to this information may evolve as the feature matures.

Fixes​

• Secrets Detection: Fixed an issue where ggshield could return an incorrect incident URL when two secrets shared the same hash across different repositories with the "Group by secret per source" enabled.
• Analytics: Fixed an issue where the "All time" date range filter did not consistently cover all incidents, potentially causing some older incidents to be excluded from analytics views.
• Jira Data Center Integration: Fixed an issue where Jira Data Center source connections could intermittently lose authentication.
• Honeytoken: Fixed a deployment job failure caused by an encoding error when interacting with the GitLab API during honeytoken deployment.
• Public API: Fixed an error when querying occurrences for public incidents originating from Explore Search.