GitHub and Microsoft reduce false positives in secret scanning using context-aware LLM reasoning

By Natalie Guevara · 1d ago · 8 min read

Summary

GitHub collaborated with Microsoft Security & AI's Agents Offense team to reduce false positives in secret scanning at scale. By using context-aware LLM reasoning in the verification step, they improved alert trustworthiness and reduced developer fatigue from noisy alerts. The article focuses on how reducing false positives makes secret scanning more actionable and trustworthy for developers and organizations.

Key quotes (5 pulled)

Secret scanning plays a critical role in protecting developers and organizations.
At GitHub's scale, even small inefficiencies create real friction.
Too many false positives make alerts harder to trust.
When alerts feel noisy, developers spend more time triaging and less time fixing real issues.
Alerts are more trustworthy and actionable when noise is reduced.
Snippet from the RSS feed
Alerts are more trustworthy and actionable when noise is reduced. See how we improved the verification step with context-aware LLM reasoning.
