GitHub Tames Secret Scans with LLMs

GitHub is using LLMs to slash false positives in secret scanning, boosting alert accuracy and developer efficiency by over 75%.

[Image: abstract representation of code with glowing lines and a lock icon, symbolizing secure code scanning. Caption: GitHub leverages LLMs to enhance secret scanning accuracy. Source: GitHub Blog]

GitHub is leveraging Large Language Models (LLMs) to make its secret scanning more trustworthy. The move aims to cut down on the 'noise' of false positives that plague automated security tools, allowing developers to focus on genuine threats.

Visual TL;DR: Secret Scanning Noise leads to Developer Friction. Developer Friction is solved by LLM Contextual Analysis. GitHub Secret Scanning enhances LLM Contextual Analysis. Microsoft Security & AI collaborated on LLM Contextual Analysis. LLM Contextual Analysis enables Boosted Alert Accuracy. Boosted Alert Accuracy results in Developer Efficiency.

  1. Secret Scanning Noise: too many alerts that look like secrets but aren't
  2. Developer Friction: wasting time triaging false positive security alerts
  3. LLM Contextual Analysis: examining how detected values are used within the code
  4. GitHub Secret Scanning: existing pipeline combining pattern and AI detection
  5. Microsoft Security & AI: partnered to integrate more contextual reasoning
  6. Boosted Alert Accuracy: slashing false positives in secret scanning
  7. Developer Efficiency: over 75% improvement in focusing on genuine threats

The core issue: too many alerts that look like secrets but aren't, forcing developers to waste time triaging. This friction erodes confidence in automated security systems. To combat this, GitHub partnered with Microsoft Security & AI to integrate more contextual reasoning into the verification process.


Context is Key

This enhancement builds upon GitHub's existing secret scanning pipeline, which combines pattern-based and AI-based detection. The new approach focuses on the verification step, adding LLM-based contextual analysis. Instead of just matching patterns, the system now examines how a detected value is used within the code.

The goal is to make alerts more actionable. Given the usage context, for instance that a value is assigned to a variable and then passed into an API request or SDK call, the LLM can better judge whether it is a real secret or merely a placeholder, test data, or an opaque string. This focused context, rather than a larger volume of raw code, is what drives both accuracy and efficiency.
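The verification step described above hinges on what context the model is given. The following is an added example, not GitHub's or Microsoft's code, of the context-extraction stage in Python: a pattern match on a constructed, hypothetical token format ("acme_" plus 32 hex characters), followed by collection of the assignment and the later lines where the assigned variable is used, a test-file check, and a placeholder check. The `triage` function is a simple heuristic standing in for the LLM verdict; the sample repository, token values and all thresholds are assumptions made for the example.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed token format for a hypothetical provider "acme": the prefix
# "acme_" followed by 32 hex characters. An assumption for this example,
# not any real provider's credential format.
CANDIDATE_RE = re.compile(r"\bacme_([0-9a-f]{32})\b")

# Words in a variable name that usually mark sample or placeholder values.
PLACEHOLDER_HINTS = ("example", "placeholder", "sample", "dummy", "fake", "your_")

# How many lines after the match are inspected for uses of the assigned variable.
USAGE_WINDOW = 20


@dataclass
class SecretContext:
    """Focused context for one pattern hit: what a verifier (here a heuristic
    stand-in for the LLM) receives instead of the whole file."""
    path: str
    line_no: int                      # 1-based line of the match
    value: str
    match_line: str
    variable: Optional[str] = None    # name the literal was assigned to, if any
    usage_lines: List[str] = field(default_factory=list)
    passed_to_call: bool = False      # literal or variable flows into a call
    in_test_file: bool = False
    looks_like_placeholder: bool = False


def _looks_like_placeholder(value: str, variable: Optional[str]) -> bool:
    body = value.split("_", 1)[1]
    # A 32-hex-char token drawn from only a handful of symbols (all zeros,
    # "deadbeef" repeated) is filler, not a generated credential.
    low_variety = len(set(body)) <= 4
    hinted_name = variable is not None and any(
        h in variable.lower() for h in PLACEHOLDER_HINTS)
    return low_variety or hinted_name


def extract_context(path: str, text: str) -> List[SecretContext]:
    """Run the pattern stage, then gather how each hit is used in the file."""
    lines = text.splitlines()
    found: List[SecretContext] = []
    for idx, line in enumerate(lines):
        for m in CANDIDATE_RE.finditer(line):
            value = m.group(0)
            # Assignment directly before the literal: NAME = "acme_..." / NAME: "acme_..."
            assign = re.search(r"(\w+)\s*[:=]\s*[\"']?" + re.escape(value), line)
            variable = assign.group(1) if assign else None
            ctx = SecretContext(path=path, line_no=idx + 1, value=value,
                                match_line=line.strip(), variable=variable)
            # The literal itself may be handed straight to a call: Client("acme_...")
            ctx.passed_to_call = bool(re.search(r"\w+\([^)]*" + re.escape(value), line))
            if variable:
                var_re = re.compile(r"\b" + re.escape(variable) + r"\b")
                call_re = re.compile(r"\w+\([^)]*\b" + re.escape(variable) + r"\b")
                for later in lines[idx + 1: idx + 1 + USAGE_WINDOW]:
                    if var_re.search(later):
                        ctx.usage_lines.append(later.strip())
                        if call_re.search(later):   # variable inside an argument list
                            ctx.passed_to_call = True
            ctx.in_test_file = bool(re.search(r"(^|/)tests?/|(^|/)test_|_test\.", path))
            ctx.looks_like_placeholder = _looks_like_placeholder(value, variable)
            found.append(ctx)
    return found


def triage(ctx: SecretContext) -> str:
    """Heuristic stand-in for the LLM verification verdict (an assumption)."""
    if ctx.looks_like_placeholder:
        return "likely_placeholder"
    if ctx.in_test_file:
        return "needs_review"      # test data is common here, but never auto-dismiss
    if ctx.passed_to_call:
        return "likely_secret"     # a live value flowing into an API/SDK call
    return "needs_review"          # opaque string with no visible use


def render_for_verifier(ctx: SecretContext) -> str:
    """The compact bundle a verifier sees: the match line plus its uses."""
    parts = [f"file: {ctx.path}:{ctx.line_no}",
             f"variable: {ctx.variable or '<none>'}",
             f"match: {ctx.match_line}"]
    parts += [f"use: {u}" for u in ctx.usage_lines]
    return "\n".join(parts)


def scan_repo(files: Dict[str, str]) -> Dict[str, str]:
    """Map 'path:line' to a verdict for every candidate across the given files."""
    results: Dict[str, str] = {}
    for path, text in files.items():
        for ctx in extract_context(path, text):
            results[f"{ctx.path}:{ctx.line_no}"] = triage(ctx)
    return results


# Constructed sample repository; the tokens are made up for the example.
SAMPLE_FILES: Dict[str, str] = {
    "src/billing/client.py": 'import acme_sdk\n\n'
        'API_KEY = "acme_9f3c1b7e2a4d6058c1e2f3a4b5c6d7e8"\n'
        'client = acme_sdk.Client(api_key=API_KEY)\n'
        'resp = client.charge(amount=100)\n',
    "docs/quickstart.md": 'Set your key like this:\n\n'
        '    EXAMPLE_KEY = "acme_00000000000000000000000000000000"\n',
    "tests/test_parser.py": 'def test_parse_token():\n'
        '    token = "acme_1234567890abcdef1234567890abcdef"\n'
        '    assert parse(token).prefix == "acme"\n',
}

if __name__ == "__main__":
    for path, text in SAMPLE_FILES.items():
        for ctx in extract_context(path, text):
            print(render_for_verifier(ctx))
            print("verdict:", triage(ctx), "\n")
```

Running the block prints one context bundle per hit: the billing client's key is assigned and then passed to an SDK constructor (likely a real secret), the documentation value is all zeros under a variable named `EXAMPLE_KEY` (placeholder), and the test token is flagged for review rather than dismissed. The point of the design is that the verifier is handed only the assignment and the lines that use it, which is the kind of focused context the article describes, rather than the whole file.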

This strategy yielded impressive results. In evaluations against hundreds of customer-confirmed false positives, the new method achieved a 75.76% reduction, surpassing GitHub's 65% target. That translates directly into fewer irrelevant alerts and faster remediation of actual security incidents, a significant win for developer productivity.

The work continues, with GitHub exploring larger datasets and refining context extraction. The ultimate aim is clearer signals, fewer distractions, and quicker action on genuine risks, making GitHub's free code scan and other offerings more effective. This advancement is part of a broader trend in improving GitHub secret scanning with AI, echoing efforts like Uber's AI data guards in their pursuit of reducing false positives at scale.

© 2026 StartupHub.ai. All rights reserved. Do not enter, scrape, copy, reproduce, or republish this article in whole or in part. Use as input to AI training, fine-tuning, retrieval-augmented generation, or any machine-learning system is prohibited without written license. Substantially-similar derivative works will be pursued to the fullest extent of applicable copyright, database, and computer-misuse laws. See our terms.