Nine Days After CISA Told America to Lock Down, Its Own Keys Were Sitting on GitHub

On May 5, the federal agency responsible for defending American infrastructure told the country to assume the enemy was already inside its networks. Thirteen days later, that same agency was revealed to have left the administrative keys to its own cloud, and the blueprint to its software supply chain, sitting in a public code repository for six months. The repository was named, without any apparent irony, “Private-CISA.” This is the story of how the agency that writes America's cybersecurity rules failed to follow them, why the specific contents of the leak matter more than the embarrassment, and what every board should take from the fact that even CISA could not hold its own keys.
The Timing Is the Story
On May 5, 2026, CISA, the federal agency responsible for defending American infrastructure, published guidance under a program it calls CI Fortify, telling critical infrastructure operators to assume the adversary already has access to their networks and to prepare to run in isolation for weeks to months. Thirteen days later, on May 18, Brian Krebs reported that a CISA contractor had left the agency's own cloud keys exposed in a public code repository for roughly six months.
The agency telling everyone else to assume their keys were compromised had, during the very window it was writing that guidance, allowed its own to sit in the open. This is not pointed out to score a cheap irony. It is pointed out because the gap between what the agency told the country to do and what the agency itself did is the most honest available measure of how hard the problem actually is. If CISA cannot do this, the assumption that a mid-market company can is not safe.
What Was Exposed
The repository was named, without any apparent sense of irony, “Private-CISA.” According to Krebs, security researchers at GitGuardian discovered it on May 14 and, after concluding it was real, alerted both CISA and KrebsOnSecurity. It contained roughly 844 megabytes of data across its working tree and full version history, and it had been publicly accessible since its creation on November 13, 2025.
The specifics move this out of the category of an ordinary mistake. One file was named “importantAWStokens” and held administrative credentials to three AWS GovCloud accounts, the cloud environment reserved for regulated US government workloads. Another, “AWS-Workspace-Firefox-Passwords.csv,” listed plaintext usernames and passwords for dozens of internal CISA systems, including a secure code-development environment called Landing Zone DevSecOps. The repository also contained credentials to CISA's software artifactory, the store of code packages the agency uses to build its own software, and files describing how CISA builds, tests, and deploys that software internally. The commit history showed the contractor had deliberately switched off the GitHub feature designed to block users from publishing secrets in public repositories.
Guillaume Valadon, the GitGuardian researcher who found it, said something that should give any executive pause. He initially assumed it was fake, because the idea that this particular agency could produce a leak this complete seemed implausible. Only after analyzing the contents did he accept it was real. His stated fear was direct: that a state actor would get the data and be able to do real damage with it.
Philippe Caturegli of the security firm Seralys validated that the keys authenticated to three GovCloud accounts at high privilege, and identified the most dangerous implication. The exposed build-system access, he told Krebs, would be a prime place to move laterally: backdoor a software package, and the victim's own pipeline deploys the backdoor everywhere it ships. That is not a hypothetical. It is the essential logic of a software supply-chain compromise, the same technique nation-state actors use against exactly these kinds of targets, and it is the precise capability CI Fortify was written to help operators survive. The leak did not just expose passwords. It exposed the mechanism that turns one foothold into self-distributing access.
Caturegli's read on how it happened is almost more troubling than the keys themselves. Because the contractor had committed to the repository regularly since November, using both a CISA email and a personal email, he suspected the contractor was using a public GitHub repo as a way to synchronize files between a work laptop and a home computer. The most sensitive credentials in American civilian cyber defense, allegedly exposed not by a sophisticated attack but by someone moving files between two machines the convenient way.
If the agency that writes America's cybersecurity rules cannot keep its own GovCloud keys off a public website for six months, the realistic security posture of a mid-market company with a two-person IT team is not better than CISA's. It is worse.
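The two files described above, a token file and a browser password export, are exactly what secret scanning is built to catch, and the contractor had switched the GitHub version of that check off. As an added illustration (not code from the article, from GitHub, GitGuardian, TruffleHog or any party the story names), the block below shows the core of such a check and why it has to walk the full commit history, not just the current working tree: a file deleted in a later commit is still recoverable from the earlier one. The AWS access-key and PEM header formats are public conventions; the file names echo the article, and every value, commit id and path is constructed.

```python
"""Minimal secret scanner over a simulated git history (constructed example)."""
import csv
import io
import re
from dataclasses import dataclass

# Public formats: AWS access key IDs are AKIA/ASIA plus 16 uppercase
# alphanumerics; long-term secret keys are 40 base64-like characters;
# PEM private keys open with a fixed header line.
AWS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")
AWS_SECRET = re.compile(
    r"(?i)aws_secret_access_key\s*[=:]\s*[A-Za-z0-9/+=]{40}(?![A-Za-z0-9/+=])"
)
PEM_KEY = re.compile(r"-----BEGIN (?:RSA |OPENSSH |EC )?PRIVATE KEY-----")


@dataclass(frozen=True)
class Finding:
    commit: str
    path: str
    kind: str


def _csv_has_plaintext_passwords(text: str) -> bool:
    """True if a CSV has a password-like column with at least one filled value."""
    reader = csv.DictReader(io.StringIO(text))
    if not reader.fieldnames:
        return False
    cols = [c for c in reader.fieldnames if "password" in c.lower()]
    if not cols:
        return False
    return any((row.get(c) or "").strip() for row in reader for c in cols)


def scan_text(path: str, text: str):
    """Return the kinds of secret material found in one file version."""
    kinds = []
    if AWS_KEY_ID.search(text):
        kinds.append("aws_access_key_id")
    if AWS_SECRET.search(text):
        kinds.append("aws_secret_access_key")
    if PEM_KEY.search(text):
        kinds.append("private_key")
    if path.lower().endswith(".csv") and _csv_has_plaintext_passwords(text):
        kinds.append("plaintext_password_csv")
    return kinds


def scan_history(commits):
    """Scan every file version in every commit, not only the latest tree."""
    findings = []
    for commit in commits:
        for path, text in commit["files"].items():
            for kind in scan_text(path, text):
                findings.append(Finding(commit["sha"], path, kind))
    return findings


def scan_current_tree(commits):
    """What a scan of only the newest commit sees: deleted files are invisible."""
    return scan_history(commits[-1:])


def should_block_push(commits) -> bool:
    """Push-protection style decision: any finding anywhere in history blocks."""
    return bool(scan_history(commits))


# Constructed history modelled on the article's account: a credentials file and
# a password CSV are committed, then removed in a later commit. All values are
# fabricated placeholders, not real keys.
SAMPLE_HISTORY = [
    {
        "sha": "c0ffee1",
        "files": {
            "importantAWStokens": (
                "AWS_ACCESS_KEY_ID=AKIAEXAMPLE000000001\n"
                "AWS_SECRET_ACCESS_KEY=EXAMPLESECRET" + "0" * 27 + "\n"
            ),
            "AWS-Workspace-Firefox-Passwords.csv": (
                "url,username,password\n"
                "https://devsecops.example.invalid,alice,CorrectHorse1\n"
            ),
        },
    },
    {
        "sha": "c0ffee2",
        # The secrets are gone from the working tree, but commit c0ffee1 still
        # carries them, which is why the history must be scanned as well.
        "files": {"README.md": "# sync repo\n"},
    },
]

if __name__ == "__main__":
    for f in scan_history(SAMPLE_HISTORY):
        print(f"{f.commit} {f.path}: {f.kind}")
    print("current tree only:", scan_current_tree(SAMPLE_HISTORY))
    print("block push:", should_block_push(SAMPLE_HISTORY))
```

Run stand-alone, the history scan reports three findings in the first commit while the current-tree scan reports nothing, which is the gap a "delete the file and move on" cleanup leaves behind. Real scanners use far larger pattern sets and verify live credentials against the provider; the point here is only the history-versus-tree distinction.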
The Containment That Wasn't
The response to the disclosure follows a pattern anyone who has watched a breach will recognize. When the repository was taken offline, the exposed AWS keys inexplicably remained valid for another 48 hours. And on May 22, Krebs reported that more than a week after CISA was first notified, the agency was still working to invalidate and replace many of the exposed credentials.
Dylan Ayrey, the creator of the secret-scanning tool TruffleHog, found that CISA had still not invalidated an RSA private key granting access to a GitHub application owned by the agency's enterprise account. That key, in his assessment, would let an attacker read source code from every repository in the CISA-IT organization including private ones, hijack the CI/CD pipelines that build and deploy software, and modify repository settings. Functional control of the agency's software development environment. It was killed only after Krebs notified CISA of Ayrey's findings.
CISA's public statement was that “there is no indication that any sensitive data was compromised as a result of this incident.” That sentence does the work every breach statement does. No indication of compromise is not the same as no compromise. When credentials sit in a public repository for six months, the absence of evidence that they were used is frequently just the absence of the ability to see whether they were. As Ayrey noted, criminal groups and foreign intelligence services scan the same public GitHub feeds his company scans. Anyone watching could have been sitting on the data the entire time.
Who the Contractor Was, and Why It Compounds the Problem
The repository was maintained by an employee of Nightwing, a government contractor based in Dulles, Virginia, that holds a long-running, privileged role in CISA cyber operations, software support, and incident response. Nightwing declined to comment and directed inquiries to CISA.
Two facts about Nightwing sharpen the picture. First, the firm was formerly the cybersecurity division of Raytheon/RTX, spun out as a standalone defense-cyber contractor. Second, a year before this leak, Nightwing, Raytheon, and RTX agreed to pay $8.4 million to resolve Department of Justice allegations that Raytheon had violated cybersecurity requirements on federal contracts. The contractor at the center of one of the most egregious government data leaks in recent memory is the same firm that had just paid millions to settle federal cybersecurity-compliance allegations. That is not proof of anything about this specific incident. It is context a board would want, and it points to the real lesson: the customer owns the risk of a contractor's identity hygiene, repository boundaries, and device posture, even when the contractor is the one who fails.
The Institutional Strain Behind It
One more fact belongs in the frame, because it speaks to cause rather than blame. CISA has lost roughly a third of its workforce since the start of the second Trump administration, through forced retirements, buyouts, and resignations, bringing its headcount down to around 2,200, with most of its senior leadership gone and acting directors who have not been Senate-confirmed.
This analysis takes no position on the politics of that reduction. The operational consequence is not a political opinion. An agency telling the private sector to fortify against an existential threat, while running a third short and outsourcing privileged administrative access to contractors who sync agency secrets to personal accounts, is an agency whose advice and whose capacity have come apart at the seams. The guidance was right. The agency simply could not live up to it, and the gap is the warning.
What Congress Asked
The reaction in Washington was fast and bipartisan. Senator Maggie Hassan demanded a classified briefing and posed a dozen questions about how such a lapse could occur at the very agency charged with preventing cyber breaches. Representatives Bennie Thompson and Delia Ramirez, in a letter to CISA's acting director, wrote the single most important sentence of the whole affair: that adversaries like China, Russia, and Iran seek access and persistence on federal networks, and that the files in the “Private-CISA” repository “provided the information, access, and roadmap to do just that.”
A roadmap to gain access and persistence. That is a member of Congress describing the leak in the exact words the intelligence community uses for what China's pre-positioned hackers are already doing inside US infrastructure. The people with the classified picture connected the leak to the standing threat immediately. The danger is not abstract. It is that this leak fed the precise capability the broader campaign against American infrastructure depends on.
What a Board Should Take From This
The instinct is to read this as a government story. That misses the point, because the failure modes are the ones that show up in nearly every mid-market environment, only with smaller budgets and less scrutiny.
Start with the contractor. The leak did not happen because of a sophisticated attack. It happened because a privileged third party allegedly moved sensitive credentials between a work machine and a personal GitHub account, and no system caught it. Every organization that grants a vendor or contractor administrative access has this exposure. The first question is not whether your vendors are trustworthy. It is whether you have any visibility at all into how they store and move your credentials, and in most organizations the honest answer is none.
Then the build system. The most dangerous item in the repository was not a password. It was access to the software pipeline, the layer that, if compromised, distributes an attacker's foothold automatically. Most security programs watch endpoints and email far more closely than they watch their own CI/CD pipelines and package repositories, which is precisely why sophisticated actors target the pipeline. If you cannot answer how your build system is monitored, that is the gap to close first.
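One concrete answer to "how is the build system monitored" is to refuse to deploy any package whose digest does not match a pinned value that lives outside the artifact store, so that swapping a package in the store, the move described above, is caught before the pipeline ships it. The block below is an added illustration of that check, not code from the article or from any tool or organisation it names; the artifact names, their contents and the lockfile are constructed.

```python
"""Pinned-artifact verification before deploy (constructed example)."""
import hashlib
import hmac

# Constructed artifact store. In a real pipeline these bytes would be fetched
# from the package repository at deploy time.
ARTIFACTS = {
    "agent-1.4.2.tar.gz": b"original agent build bytes",
    "collector-2.0.0.whl": b"original collector build bytes",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed lockfile of expected digests. The point of the control is that
# this lives in reviewed source control, separate from the artifact store, so
# a change to the store alone cannot pass.
LOCKFILE = {name: sha256_hex(data) for name, data in ARTIFACTS.items()}


def verify_artifacts(artifacts, lockfile):
    """Return (ok, problems). Missing, mismatched or unpinned artifacts all fail."""
    problems = []
    for name, expected in lockfile.items():
        if name not in artifacts:
            problems.append(f"missing pinned artifact: {name}")
            continue
        actual = sha256_hex(artifacts[name])
        if not hmac.compare_digest(actual, expected):
            problems.append(f"digest mismatch: {name}")
    for name in artifacts:
        if name not in lockfile:
            problems.append(f"unpinned artifact in store: {name}")
    return (not problems), problems


def tampered_store():
    """A store in which one package has been replaced, to exercise the check."""
    store = dict(ARTIFACTS)
    store["agent-1.4.2.tar.gz"] = b"original agent build bytes plus extra code"
    return store


if __name__ == "__main__":
    for label, store in (("clean", ARTIFACTS), ("tampered", tampered_store())):
        ok, problems = verify_artifacts(store, LOCKFILE)
        print(label, "->", "deploy" if ok else "refuse", problems)
```

The clean store passes and the altered store is refused with a named mismatch. Two design points carry the weight: the check rejects unpinned extras as well as changed pins, because a new package the lockfile never approved is as much a signal as a changed one, and the lockfile must be updated only through the same review path as source code, otherwise whoever holds artifact-store credentials can update both.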
And then the assurance itself. CISA said there was no indication of compromise while researchers were still finding live keys it had not rotated. That is not unique to CISA. It is the default posture of almost every institution after an exposure, because the incentive is to make the event sound smaller and more contained than the evidence supports. The lesson for a board is to stop treating a clean assurance as evidence of safety, and to demand the one thing that actually carries information: independent verification, by someone whose incentive is to find the problem rather than to narrate it away.
Read This With the Rest
This is one of five connected stories from a single sixty-day window in 2026. The cover analysis, Five Warnings in Sixty Days: The Keys to America's Infrastructure Are Not Being Held, connects all five and links to each of the detailed investigations, including the AT&T whistleblower case that shares this story's central pattern.
Related Reading
CISA was right on May 5 to tell the country to assume the adversary is already inside. The leak it disclosed thirteen days later is the proof of how hard that standard is to meet, coming from the one organization that should meet it most easily. If the agency that wrote the rule cannot keep its own keys off a public website for six months, the question for every board is not whether CISA failed. It is whether your organization, with fewer people and less scrutiny, is quietly failing the same way, and whether you would even know.
Cloudskope advises private equity firms, boards, and portfolio-company operators on the exposure this incident illustrates: third-party and contractor access as the primary attack surface, continuous secret scanning across the repositories and build systems vendors actually use, and independent verification of the security assurances institutions have every incentive to make sound better than they are.