GitGuardian is an end-to-end NHI and secrets security platform that empowers software-driven organizations to enhance their Non-Human Identity (NHI) security and comply with industry standards. Pulse 2.0 interviewed GitGuardian CTO Jeremy Brown to gain a better understanding of how the company was among the first security vendors to deploy a Model Context Protocol (MCP) server.
Jeremy Brown’s Background
What is Jeremy Brown’s background? Brown said:
“My path to cybersecurity leadership wasn’t linear at all. I started as a software engineer working on Symbian smartphone operating systems, then moved into consulting at Accenture, and even spent time in pre-sales engineering and sales at Red Hat. I also co-founded Limbe Labs, one of Cameroon’s first startup incubators, which taught me that great engineering talent exists everywhere.”
“How I ended up in cybersecurity was through Red Hat’s Open Innovation Labs, where I worked with customers on digital transformation journeys. This led me to Dashlane, where I experienced firsthand how dangerous leaked credentials really were—and we were actually a GitGuardian customer, so I knew how they were solving these problems at scale.”
“As CTO, I lead engineering strategy for secrets security and non-human identity governance. My biggest challenge has been pivoting our product from just detecting leaked secrets to building a comprehensive NHI governance solution. We’re embracing AI in two critical ways: internally for staff productivity, and embedding ML and LLMs directly into our product to tackle challenges around secret analysis and risk prioritization that simply weren’t feasible before.”
Launching The MCP Server
What were the key drivers in deciding to launch your own MCP Server? Brown shared:
“We didn’t want to just watch the AI agent ecosystem evolve—we wanted to participate responsibly. As one of the first security vendors to launch an MCP server, we saw an opportunity to provide developers with secure, auditable ways to interact with secrets management workflows. But it was also a defensive security measure. By owning our namespace early, we created a verified environment that users could trust and prevented potential impersonation attacks.”
Namespace Squatting
Namespace squatting is a ‘new security frontier’ for MCP servers. How widespread is this problem? Have you seen evidence of malicious actors already attempting to squat on legitimate company namespaces, and what would be the worst-case scenario if a major enterprise fell victim to this? Brown pointed out:
“Namespace squatting is absolutely a critical emerging threat, but I need to be honest—we haven’t seen widespread malicious attacks yet because the MCP ecosystem is still relatively young. However, this doesn’t mean the risk is theoretical. We’re already seeing ‘land grabs’ where individuals and companies are preemptively registering valuable namespaces, and the pattern from other ecosystems tells us what’s coming.”
“Look at what’s happened with package managers like npm and PyPI—waves of typosquatting and what we call ‘slop squatting,’ where attackers register misspelled or commonly hallucinated names to trick automation tools. These attacks have led to data breaches, malware distribution, and supply chain compromises. Domain squatting has an even longer history of brand impersonation and phishing.”
“The MCP namespace model—open, first-come-first-served, with no central authority—makes it ripe for the same attacks. Anyone can publish an MCP server, which means if your company doesn’t secure its namespace early, someone else will.”
“The worst-case scenario for a major enterprise is severe: AI agents could be tricked into sending sensitive internal data to rogue MCP servers, attackers could inject malicious outputs or destructive commands, and the entire trust model of agent-based systems could be undermined. Imagine your agents connecting to what they think is your official HR or finance MCP server, but it’s actually controlled by an attacker.”
“This is why we treated our namespace registration as a defensive security measure from day one. The window for easy prevention is still open, but it won’t last.”
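The squatting patterns Brown describes (misspellings, confusable characters, separator swaps, and "official-looking" extensions of a real name) can be watched for on the defender's side by comparing newly registered server names against the namespaces an organization actually owns. The script below is an added example written for this article, not GitGuardian's code; it assumes a registry export is available as a plain list of server names, and the owned namespaces and registry entries it checks are constructed sample values.

```python
"""Flag MCP server names that look like an organization's own namespaces.

Added example, not GitGuardian's code. Assumes a registry export as a plain
list of names; OWNED_NAMESPACES and SAMPLE_REGISTRY below are constructed.
"""
from dataclasses import dataclass

# Constructed sample: namespaces the organization legitimately registered.
OWNED_NAMESPACES = ["acme-corp", "acme-secrets"]

# Constructed sample: names seen in a registry export, some of them lookalikes.
SAMPLE_REGISTRY = [
    "acme-corp",        # our own entry
    "acrne-corp",       # 'rn' imitates 'm'
    "acme_corp",        # separator swap
    "acme-c0rp",        # digit zero for letter o
    "acme-corp-mcp",    # extends the real name with a plausible suffix
    "unrelated-tools",  # genuinely unrelated
    "acme-secret",      # one character off
]

# Visually confusable sequences, mapped to a canonical form; separators dropped.
CONFUSABLES = {"0": "o", "1": "l", "rn": "m", "vv": "w", "-": "", "_": ""}


def normalize(name: str) -> str:
    """Lower-case and collapse confusables so 'acrne-c0rp' becomes 'acmecorp'."""
    s = name.lower()
    for bad, good in CONFUSABLES.items():
        s = s.replace(bad, good)
    return s


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute), one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


@dataclass
class Finding:
    candidate: str  # registry name that looks suspicious
    owned: str      # the legitimate namespace it resembles
    distance: int   # edit distance after normalization
    reason: str     # which heuristic fired


def find_lookalikes(registry, owned=OWNED_NAMESPACES, max_distance=2):
    """Return one Finding per (candidate, owned) pair that resembles each other."""
    findings = []
    for cand in registry:
        if cand in owned:
            continue  # exact match to our own registration: nothing to flag
        n_c = normalize(cand)
        for own in owned:
            n_o = normalize(own)
            dist = levenshtein(n_c, n_o)
            if n_c == n_o:
                findings.append(Finding(cand, own, 0, "confusable/separator variant"))
            elif n_c.startswith(n_o):
                findings.append(Finding(cand, own, dist, "extends owned name"))
            elif dist <= max_distance:
                findings.append(Finding(cand, own, dist, "within edit distance"))
    return findings


if __name__ == "__main__":
    for f in find_lookalikes(SAMPLE_REGISTRY):
        print(f"{f.candidate!r} resembles {f.owned!r} ({f.reason}, d={f.distance})")
```

The three heuristics deliberately overlap: the normalization catches the cases edit distance alone would miss (a dropped hyphen and a swapped digit are two edits away from nothing once collapsed), while the prefix rule catches suffix extensions that are too long to fall within the distance threshold. Tune `max_distance` downward for short namespaces, where two edits is a large fraction of the name.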
MCP Ecosystem Security
Given recent vulnerabilities in MCP infrastructure, do you think the MCP ecosystem is moving too fast without adequate security oversight? Should there be industry standards or regulatory frameworks? Brown emphasized:
“The ecosystem is definitely moving fast, but that’s the nature of AI innovation right now. The key isn’t slowing down—it’s building security into the foundation from day one. During our internal testing, we discovered that AI agents can be overly helpful in dangerous ways. We observed scenarios where an agent initiated actions like closing all incidents in a workspace, not just the ones related to its context.”
“This taught us that agents cannot be fully trusted yet. We responded by setting our MCP server to read-only access by default and ensuring every action is logged and traceable. Rather than waiting for regulatory frameworks, we need the industry to adopt security-first principles: start with minimal permissions, prioritize simplicity over completeness, and build infrastructure where mistakes are reversible and behavior is observable.”
Advice About MCP Deployment
For CISOs and security teams reading this, what’s your advice on evaluating whether their organization is ready for MCP deployment? What are the red flags that suggest they should wait? Brown explained:
“Dealing with the explosion of API keys being used by AI agents requires us to do all the security basics we should already have been doing, but this explosion amplifies the issue to the level where you might need new approaches and tools to have proper governance around your existing non-human identities. The biggest red flag is if you don’t have proper governance around your existing non-human identities. If you’re already struggling to manage API keys, service accounts, and certificates, adding AI agents will only amplify those problems.”
“Before deploying MCP, you need foundational infrastructure: centralized AI access through proxies with enterprise agreements, comprehensive secrets detection, automated lifecycle management for machine identities, and secure development environments with proper role-based access controls.”
“Start small and focus on read-only use cases first. Build auditable, reversible systems where every agent action is logged and traceable. Most importantly, remember that security should be an enabler, not a blocker. When you get the foundation right, your teams can experiment safely and move faster because they’re not constantly dealing with security incidents.”
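The two controls Brown describes in the previous sections, a read-only default for the MCP server and a log entry for every agent action, can be enforced in one place by gating every tool call before it reaches its handler. The code below is an added example written for this article, not GitGuardian's server; the tool names, the incident store, the agent identifier and the JSON audit format are all assumptions chosen to replay the "close all incidents" scenario from the interview.

```python
"""Read-only-by-default tool gate with per-call audit records for an
MCP-style server. Added example, not GitGuardian's code: tool names,
the incident store and the audit record shape are illustrative assumptions.
"""
import json
import time
from dataclasses import dataclass
from typing import Any, Callable


@dataclass
class Tool:
    name: str
    handler: Callable[[dict], Any]
    mutating: bool  # True for anything that creates, changes or deletes state


class ToolGate:
    """Denies mutating tools unless writes were explicitly enabled, and records
    every attempt (allowed, denied or failed) as one JSON audit line."""

    def __init__(self, tools, allow_writes: bool = False, audit_sink=None):
        self.tools = {t.name: t for t in tools}
        self.allow_writes = allow_writes          # read-only unless opted in
        self.audit: list[dict] = []               # in-memory copy of the trail
        self.audit_sink = audit_sink or (lambda line: None)

    def call(self, agent_id: str, tool_name: str, args: dict) -> dict:
        record = {"ts": time.time(), "agent": agent_id, "tool": tool_name, "args": args}
        tool = self.tools.get(tool_name)
        if tool is None:
            record["decision"] = "denied:unknown_tool"
            return self._finish(record, {"ok": False, "error": "unknown tool"})
        if tool.mutating and not self.allow_writes:
            record["decision"] = "denied:read_only_mode"
            return self._finish(record, {"ok": False, "error": "server is read-only"})
        try:
            result = tool.handler(args)
            record["decision"] = "allowed"
            return self._finish(record, {"ok": True, "result": result})
        except Exception as exc:  # a failing handler is still an auditable event
            record["decision"] = f"error:{type(exc).__name__}"
            return self._finish(record, {"ok": False, "error": str(exc)})

    def _finish(self, record: dict, response: dict) -> dict:
        self.audit.append(record)
        self.audit_sink(json.dumps(record, sort_keys=True, default=str))
        return response


def make_tools(store: dict):
    """Two constructed tools over a dict of incident_id -> status."""
    def list_incidents(args: dict):
        return sorted(i for i, s in store.items() if s == args.get("status", "open"))

    def close_incident(args: dict):
        if args["id"] not in store:
            raise KeyError(args["id"])
        store[args["id"]] = "closed"
        return args["id"]

    return [Tool("list_incidents", list_incidents, mutating=False),
            Tool("close_incident", close_incident, mutating=True)]


def simulate_overeager_agent(allow_writes: bool):
    """Replays the interview scenario: an agent lists every open incident and
    then tries to close all of them. Returns (per-id outcome, store, audit)."""
    store = {"inc-1": "open", "inc-2": "open", "inc-3": "open"}  # constructed
    gate = ToolGate(make_tools(store), allow_writes=allow_writes, audit_sink=print)
    ids = gate.call("agent-42", "list_incidents", {})["result"]
    outcomes = {i: gate.call("agent-42", "close_incident", {"id": i})["ok"] for i in ids}
    return outcomes, store, gate.audit


if __name__ == "__main__":
    simulate_overeager_agent(allow_writes=False)
```

With the default `allow_writes=False`, the listing succeeds but all three `close_incident` calls are denied and the store is untouched, while the audit trail still shows exactly what the agent attempted; flipping the flag is the explicit opt-in step, and the same four records make the resulting changes reversible because the affected identifiers are on file. A production deployment would send `audit_sink` output to append-only storage rather than stdout, and would scope write access per agent rather than per server, but the gating point stays the same.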
AI Agent Security Concerns
Looking ahead, what keeps you up at night regarding AI agent security? As more organizations deploy autonomous agents with broader permissions, what new attack vectors or security challenges do you anticipate that we haven’t seen yet? Brown concluded:
“What keeps me up is the explosion of machine identities that we’re not prepared for. We’re seeing organizations where machine identities outnumber humans by 100 to 1, and with AI agents, that ratio is only growing. These machine identities behave completely differently—they authenticate using API keys and certificates that, once compromised, provide direct access to systems without multi-factor authentication.”
“The attack vectors I’m most concerned about involve AI agents copying secrets to third-party infrastructure, development environments, and knowledge bases in ways that dramatically expand the attack surface. We’re also seeing new threats like ‘slop squatting,’ where malicious actors create packages with names commonly hallucinated by AI systems.”
“The fundamental challenge is that we’re giving machines more agency while managing them with tools designed for human users. As agents become more autonomous and interconnected, we need new approaches to identity governance, lifecycle management, and behavioral monitoring. The organizations that figure this out first will have a massive competitive advantage—they’ll be able to deploy AI safely at scale while others are still dealing with basic credential management problems.”